What is the appropriate uncompressed kernel ELF to use with dwarf2json? [ 5.19.0-42-generic #43~22.04.1-Ubuntu ], in order to create generate a custom symbols table to conduct linux memory forensics on Ubuntu 22.04?

This page summarizes the projects mentioned and recommended in the original post on /r/computerforensics
#Python #Malware #volatility-framework #Memory #Ram

Our great sponsors
  • InfluxDB - Collect and Analyze Billions of Data Points in Real Time
  • Mergify - Tired of breaking your main and manually rebasing outdated pull requests?
  • Sonar - Write Clean Python Code. Always.
Our great sponsors

  • dwarf2json

    convert ELF/DWARF symbol and type information into vol3's intermediate JSON

    $ uname -a Linux UbuntuVM 5.19.0-42-generic #43~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Fri Apr 21 16:51:08 UTC 2 x86_64 x86_64 x86_64 GNU/Linux

  • volatility

    An advanced memory forensics framework

    I need this to create generate a custom symbols table (using dwarf2json), in order to run a memory dump acquired by Ubuntu 22.04, as Ubuntu 22.04 kernel does not work anymore with volatility 2 (Issue here: volatilityfoundation/volatility#828)

  • InfluxDB

    Collect and Analyze Billions of Data Points in Real Time. Manage all types of time series data in a single, purpose-built database. Run at any scale in any environment in the cloud, on-premises, or at the edge.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts