Wednesday, 18 December 2013

Exercise 18.1 - Installing Volatility on BackTrack 5 R1

Note: BackTrack 3 comes with VOL (Volatility) already installed.

Section 0. Background Information
  1. Volatility 2.2
    • Volatility now supports Linux memory dumps in raw or LiME format and includes 35+ plugins for analyzing 32-bit and 64-bit Linux kernels from 2.6.11 - 3.5.x and distributions such as Debian, Ubuntu, OpenSuSE, Fedora, CentOS, and Mandrake. Official OSX and Android support are coming!
    • Volatility supports memory dumps from all major 32-bit and 64-bit Windows versions and service packs including XP, 2003 Server, Vista, Server 2008, Server 2008R2, and 7.
    • Whether your memory dump is in raw format, a Microsoft crash dump, hibernation file, or virtual machine snapshot, Volatility is able to work with it.
    • Reference: http://code.google.com/p/volatility/
  2. Lab Notes
    • In this lab we will do the following:
      1. Download Volatility 2.2.
      2. Un-Tar Volatility 2.2.
  3. Legal Disclaimer
Section 1. Login to BackTrack
  1. Start Up VMWare Player
    • Instructions:
      1. Click the Start Button
      2. Type Vmplayer in the search box
      3. Click on Vmplayer
  2. Open a Virtual Machine
    • Instructions:
      1. Click on Open a Virtual Machine
  3. Open the BackTrack5R1 VM
    • Instructions:
      1. Navigate to where the BackTrack5R1 VM is located
      2. Click on the BackTrack5R1 VM
      3. Click on the Open Button
  4. Edit the BackTrack5R1 VM
    • Instructions:
      1. Select BackTrack5R1 VM
      2. Click Edit virtual machine settings
  5. Edit Virtual Machine Settings
    • Instructions:
      1. Click on Network Adapter
      2. Click on the Bridged Radio button
      3. Click on the OK Button
  6. Play the BackTrack5R1 VM
    • Instructions:
      1. Click on the BackTrack5R1 VM
      2. Click on Play virtual machine
  7. Login to BackTrack
    • Instructions:
      1. Login: root
      2. Password: toor or <whatever you changed it to>.
  8. Bring up GNOME
    • Instructions:
      1. Type startx
Section 2. Bring up a console terminal
  1. Start up a terminal window
    • Instructions:
      1. Click on the Terminal Window
  2. Obtain the IP Address
    • Instructions:
      1. ifconfig -a
    • Note(FYI):
      • My IP address is 192.168.1.108.
      • In your case, it will probably be different.
Section 3. Installing Volatility 2.2
  1. Download Volatility 2.2
    • Instructions
      1. cd /pentest/forensics/
      2. wget http://volatility.googlecode.com/files/volatility-2.2.tar.gz
      3. ls -l *.gz
  2. Un-Tar Volatility
    • Instructions
      1. tar zxovf volatility-2.2.tar.gz
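The three commands above download and unpack the tarball without checking what was fetched. The script below is an added example (not part of the original lab and not Volatility project code) that performs the same download into /pentest/forensics but refuses to extract the archive unless its SHA-256 digest matches an expected value. The URL and destination directory come from the lab; the expected digest is a placeholder to be replaced with the value published by the project, and the script assumes `sha256sum`, `awk`, `wget` and GNU `tar` are available, as they are on BackTrack 5.

```shell
#!/bin/sh
# Added example, not part of the original lab or the Volatility project:
# fetch (if needed), checksum-verify and unpack the Volatility 2.2 tarball
# the lab downloads. The expected digest is a PLACEHOLDER (assumption):
# take the real value from the project's release announcement before use.
set -eu

VOL_URL="http://volatility.googlecode.com/files/volatility-2.2.tar.gz"
VOL_TGZ="volatility-2.2.tar.gz"
# Placeholder; override with VOL_SHA256=<hex> in the environment.
EXPECTED_SHA256="${VOL_SHA256:-REPLACE_WITH_PUBLISHED_SHA256_HEX}"

# sha256_of FILE -> prints the hex SHA-256 digest of FILE (sha256sum is in coreutils).
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# verify_tarball FILE EXPECTED -> exit status 0 only if FILE's digest equals EXPECTED.
verify_tarball() {
    actual=$(sha256_of "$1")
    [ "$actual" = "$2" ]
}

# install_volatility DESTDIR EXPECTED -> download the tarball into DESTDIR unless
# it is already there, verify it, and only then extract it under DESTDIR.
# Returns 1 (and extracts nothing) on a digest mismatch.
install_volatility() {
    dest="$1"
    expected="$2"
    tgz="$dest/$VOL_TGZ"
    mkdir -p "$dest"
    [ -f "$tgz" ] || wget -q -O "$tgz" "$VOL_URL"
    if ! verify_tarball "$tgz" "$expected"; then
        echo "SHA-256 mismatch for $tgz: refusing to extract" >&2
        return 1
    fi
    tar -C "$dest" -zxf "$tgz"
    echo "extracted $tgz into $dest"
}

# On the lab VM: RUN_INSTALL=1 VOL_SHA256=<hex> sh install_vol.sh
# Without RUN_INSTALL=1 the script only defines the functions above.
if [ "${RUN_INSTALL:-0}" = "1" ]; then
    install_volatility /pentest/forensics "$EXPECTED_SHA256"
fi
```

Keeping the download and the extraction in one function means a tarball that fails verification is never unpacked onto the analysis box; the mismatch is reported on stderr and the non-zero exit status lets a wrapper script stop there.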
