volatility-tools for Debian
---------------------------

To generate a profile for a Linux version, follow these steps:

1. Log in to a system that is running the target kernel (any machine
   running the desired kernel will do).

2. Install the gcc, make, zip and linux-headers-(?) packages.

3. Go to /usr/src/volatility-tools/linux.

4. Run the 'make' command.

5. Run 'zip profile-name-to-use.zip module.dwarf /boot/System.map-(?)'.

6. Copy the zip file to the volatility profiles folder. Use the
   'dpkg -L volatility' command to find the folder. It is generally
   /usr/lib/pythonVERSION/dist-packages/volatility/plugins/overlays/linux/,
   where VERSION is a Python version.

7. Use the command 'volatility --info | grep Linux' to see if the new
   profile was recognised.

PS: in commands, (?) must be replaced by the right option.

To see more about profiles, go to
https://code.google.com/p/volatility/wiki/LinuxMemoryForensics

 -- Joao Eriberto Mota Filho  Tue, 07 Jan 2014 16:52:30 -0200,
    Updated at Mon, 21 Sep 2014 11:57:00 -0300.
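
Steps 2 to 6 as one script that checks its inputs before building. This is an added example, not part of the Debian package. It assumes that (?) is the kernel release printed by 'uname -r' and that the installed headers are reachable as /lib/modules/RELEASE/build; the function and script names are hypothetical.

```shell
#!/bin/sh
# Added example, not shipped with volatility-tools.
# Assumption: "(?)" in steps 2 and 5 is the kernel release from `uname -r`.
TOOLS_DIR=${TOOLS_DIR:-/usr/src/volatility-tools/linux}
BOOT_DIR=${BOOT_DIR:-/boot}
# Assumption: the installed headers are reachable as $MODULES_DIR/RELEASE/build.
MODULES_DIR=${MODULES_DIR:-/lib/modules}

# missing_inputs RELEASE
# Print one line per prerequisite of steps 2-5 that is absent for RELEASE.
missing_inputs() {
    rel=$1
    for tool in gcc make zip; do
        command -v "$tool" >/dev/null 2>&1 || echo "tool:$tool"
    done
    [ -d "$MODULES_DIR/$rel/build" ] || echo "headers:linux-headers-$rel"
    [ -f "$BOOT_DIR/System.map-$rel" ] || echo "file:$BOOT_DIR/System.map-$rel"
    [ -f "$TOOLS_DIR/Makefile" ] || echo "dir:$TOOLS_DIR"
    return 0
}

# build_profile NAME RELEASE DEST_DIR
# Steps 3-6: build module.dwarf and zip it with the System.map of the same
# release into DEST_DIR (an absolute path). Stops before building if any
# prerequisite for that release is missing.
build_profile() {
    name=$1 rel=$2 dest=$3
    problems=$(missing_inputs "$rel")
    if [ -n "$problems" ]; then
        echo "cannot build a profile for kernel $rel, missing:" >&2
        echo "$problems" >&2
        return 1
    fi
    ( cd "$TOOLS_DIR" && make &&
      zip "$dest/$name.zip" module.dwarf "$BOOT_DIR/System.map-$rel" )
}

# Usage: sh make-profile.sh build NAME DEST_DIR   (script name is hypothetical)
if [ "${1:-}" = build ]; then
    build_profile "$2" "$(uname -r)" "$3"
fi
```

Pass the profiles folder found with 'dpkg -L volatility' as DEST_DIR, then confirm the result with the command from step 7.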