Closed yogistudio closed 2 years ago
Hi,
could you give more details please?
/usr/bin/volatility-extra: line 3: /usr/bin/volatility: No such file or directory
~I think it's looking for /usr/bin/vol
.~ No.
Perhaps it's for volatility2 and I don't have volatility2 any more.
$ pacman -Ql volatility3 | grep /bin
volatility3 /usr/bin/
volatility3 /usr/bin/vol
volatility3 /usr/bin/volshell
$ pacman -Ql volatility-extra | grep /bin
volatility-extra /usr/bin/
volatility-extra /usr/bin/volatility-extr
My problem is missing /usr/bin/volatility
:
$ pacman -Qs volatility-extra
local/volatility-extra 92.d9fc072-2 (blackarch blackarch-forensic)
Volatility plugins developed and maintained by the community.
$ pacman -Ql volatility-extra | grep /bin
volatility-extra /usr/bin/
volatility-extra /usr/bin/volatility-extra
$ cat /usr/bin/volatility-extra
#!/bin/sh
cd /usr/share/volatility-extra
exec /usr/bin/volatility --plugins="/usr/share/volatility-extra" "$@"
Am I out of sync?
My problem is missing /usr/bin/volatility:
pacman -S volatility3
you should already have it https://github.com/BlackArch/blackarch/blob/36466c9f039c22f16262e5b7b47745e650ac8d77/packages/volatility-extra/PKGBUILD#L12
Yes, I have it, but as you see:
$ pacman -Ql volatility3 | grep /bin
volatility3 /usr/bin/
volatility3 /usr/bin/vol
volatility3 /usr/bin/volshell
It doesn't have /usr/bin/volatility
. If I let volatility-extra
user /usr/bin/vol
it shouts:
volatility: error: unrecognized arguments: --plugins=/usr/share/volatility-extra
Yeah volatility 3 binary is /usr/bin/vol
, and commands from 2 are not compatible with 3. Volatility 3 has a completely different architecture.
/usr/bin/vol --help
Volatility 3 Framework 2.0.1
usage: volatility [-h] [-c CONFIG] [--parallelism [{processes,threads,off}]] [-e EXTEND] [-p PLUGIN_DIRS] [-s SYMBOL_DIRS] [-v] [-l LOG] [-o OUTPUT_DIR] [-q] [-r RENDERER] [-f FILE] [--write-config] [--clear-cache]
[--cache-path CACHE_PATH] [--offline] [--single-location SINGLE_LOCATION] [--stackers [STACKERS ...]] [--single-swap-locations [SINGLE_SWAP_LOCATIONS ...]]
plugin ...
An open-source memory forensics framework
options:
-h, --help Show this help message and exit, for specific plugin options use 'volatility <pluginname> --help'
-c CONFIG, --config CONFIG
Load the configuration from a json file
--parallelism [{processes,threads,off}]
Enables parallelism (defaults to off if no argument given)
-e EXTEND, --extend EXTEND
Extend the configuration with a new (or changed) setting
-p PLUGIN_DIRS, --plugin-dirs PLUGIN_DIRS
Semi-colon separated list of paths to find plugins
-s SYMBOL_DIRS, --symbol-dirs SYMBOL_DIRS
Semi-colon separated list of paths to find symbols
-v, --verbosity Increase output verbosity
-l LOG, --log LOG Log output to a file as well as the console
-o OUTPUT_DIR, --output-dir OUTPUT_DIR
Directory in which to output any generated files
-q, --quiet Remove progress feedback
-r RENDERER, --renderer RENDERER
Determines how to render the output (quick, csv, pretty, json, jsonl)
-f FILE, --file FILE Shorthand for --single-location=file:// if single-location is not defined
--write-config Write configuration JSON file out to config.json
--clear-cache Clears out all short-term cached items
--cache-path CACHE_PATH
Change the default path (/home/noraj/.cache/volatility3) used to store the cache
--offline Do not search online for additional JSON files
--single-location SINGLE_LOCATION
Specifies a base location on which to stack
--stackers [STACKERS ...]
List of stackers
--single-swap-locations [SINGLE_SWAP_LOCATIONS ...]
Specifies a list of swap layer URIs for use with single-location
maybe volatility-extra
works only for the old volatility 2, maybe check upstream https://github.com/volatilityfoundation/community/issues/1
Shall we either remove it or add volatility 2 as its dependency? I feel it doesn't make sense to install a package that won't work.
On Tue, Jul 19, 2022, 00:12 Alexandre ZANNI @.***> wrote:
volatility-extra works only for the old volatility 2
— Reply to this email directly, view it on GitHub https://github.com/BlackArch/blackarch-iso/issues/38#issuecomment-1188374349, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAZUBBVQR5JFGHK6Y5QUQV3VUXJGJANCNFSM5FXPHHTQ . You are receiving this because you commented.Message ID: @.***>
Volatility 2 isn't packaged anymore. We don't remove tool but we should definitly create an archive/old/deprecated category
I think you can add volatility 2 into deprecated category and correct the dependency of volatility-extra
to it.
https://github.com/BlackArch/blackarch/blob/36466c9f039c22f16262e5b7b47745e650ac8d77/packages/volatility-extra/PKGBUILD#L12 Claiming it depends on volatility3
is clearly a mistake.
volatility-extra cannot execute