https://github.com/angelomirabella/linux_coredump
Volatility plugin that attempts to create a core dump file starting from the memory of a Linux process
Last synced: about 2 months ago
- Host: GitHub
- URL: https://github.com/angelomirabella/linux_coredump
- Owner: Angelomirabella
- Created: 2019-05-22T08:41:12.000Z (about 7 years ago)
- Default Branch: master
- Last Pushed: 2019-09-28T21:21:29.000Z (over 6 years ago)
- Last Synced: 2025-08-31T07:42:02.306Z (9 months ago)
- Language: Python
- Size: 41 KB
- Stars: 6
- Watchers: 0
- Forks: 2
- Open Issues: 0
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-forensics - **1** star
README
# Linux Coredump
Linux Coredump is a volatility plugin that attempts to create a core dump file starting from the memory of a Linux process.
## Usage
* Clone or download the `linux_coredump` plugin.
* Issue the command:
```bash
volatility --plugins= --profile= -f linux_coredump --pid --dump-dir --output-file
```
or
```bash
vol.py --plugins= --profile= -f linux_coredump --pid --dump-dir --output-file
```
Use the first or the second form depending on how you installed Volatility (from apt or from GitHub).
The plugin will output the corefile in the specified directory and with the specified file name.
### NOTES
* The --plugins option must be the first option.
* The plugin may require some time for processes that use a lot of memory (up to 15-20 minutes).
* The Volatility version installed using apt differs from the one present on [GitHub](https://github.com/volatilityfoundation/volatility). The latter version probably has a bug: it does not show the names of the process memory mappings.
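The plugin writes an ELF core file that is then loaded into a debugger, so a quick structural check of the output is worth doing before spending time in gdb. The following Python is an added example, not code from the linux_coredump project: it parses the ELF64 header, the program headers and the PT_NOTE segment of a core file, flags segments that run past the end of the file and a missing CORE/NT_PRSTATUS note (register state), and reports whether an NT_FILE note is present, which is where kernel-generated cores record mapping path names. The sample core it builds is constructed for the demo; the constants (ET_CORE, PT_LOAD, PT_NOTE, NT_PRSTATUS, NT_FILE, the 336-byte x86_64 prstatus size) are standard ELF values, not taken from the plugin.

```python
"""Structural sanity check for an ELF64 little-endian core file.

Added example; not part of the linux_coredump project. The sample core
built by build_sample_core() is constructed for this demo.
"""
import struct

ELF_MAGIC = b"\x7fELF"
ET_CORE = 4
EM_X86_64 = 62
PT_LOAD = 1
PT_NOTE = 4
NT_PRSTATUS = 1            # register state; a debugger needs it to load the core
NT_FILE = 0x46494C45       # "FILE": path names of file-backed mappings
EHDR_FMT = "<HHIQQQIHHHHHH"  # Elf64_Ehdr fields that follow the 16-byte e_ident
PHDR_FMT = "<IIQQQQQQ"       # Elf64_Phdr, 56 bytes


def _pad4(b: bytes) -> bytes:
    return b + b"\x00" * (-len(b) % 4)


def parse_notes(data: bytes, off: int, size: int) -> list:
    """Walk a PT_NOTE segment and return (name, type, desc) triples."""
    end = min(off + size, len(data))
    notes = []
    while off + 12 <= end:
        namesz, descsz, ntype = struct.unpack_from("<III", data, off)
        off += 12
        name = data[off:off + namesz].rstrip(b"\x00").decode("ascii", "replace")
        off += (namesz + 3) & ~3          # name and desc are each padded to 4 bytes
        desc = data[off:off + descsz]
        off += (descsz + 3) & ~3
        notes.append((name, ntype, desc))
    return notes


def parse_core(data: bytes) -> dict:
    """Parse the headers and list problems a consumer such as gdb would hit."""
    if data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    if len(data) < 64:
        raise ValueError("truncated ELF header")
    if data[4] != 2 or data[5] != 1:
        raise ValueError("only little-endian ELF64 is handled here")
    (e_type, e_machine, _, _, e_phoff, _, _, _,
     e_phentsize, e_phnum, _, _, _) = struct.unpack_from(EHDR_FMT, data, 16)
    info = {"e_type": e_type, "e_machine": e_machine,
            "loads": [], "notes": [], "problems": [], "has_file_note": False}
    if e_type != ET_CORE:
        info["problems"].append(f"e_type is {e_type}, expected ET_CORE")
    if e_phentsize != struct.calcsize(PHDR_FMT):
        info["problems"].append("unexpected e_phentsize")
        return info
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + e_phentsize > len(data):
            info["problems"].append("program header table truncated")
            break
        (p_type, p_flags, p_offset, p_vaddr, _,
         p_filesz, p_memsz, _) = struct.unpack_from(PHDR_FMT, data, off)
        if p_offset + p_filesz > len(data):
            info["problems"].append(f"segment {i} extends past end of file")
        if p_type == PT_LOAD:
            if p_filesz > p_memsz:
                info["problems"].append(f"segment {i}: p_filesz > p_memsz")
            info["loads"].append({"vaddr": p_vaddr, "memsz": p_memsz,
                                  "filesz": p_filesz, "flags": p_flags})
        elif p_type == PT_NOTE:
            info["notes"].extend(parse_notes(data, p_offset, p_filesz))
    if not any(n == "CORE" and t == NT_PRSTATUS for n, t, _ in info["notes"]):
        info["problems"].append("no CORE/NT_PRSTATUS note (no register state)")
    info["has_file_note"] = any(t == NT_FILE for _, t, _ in info["notes"])
    return info


def make_note(name: bytes, ntype: int, desc: bytes) -> bytes:
    name_z = name + b"\x00"
    return struct.pack("<III", len(name_z), len(desc), ntype) + _pad4(name_z) + _pad4(desc)


def build_sample_core() -> bytes:
    """Constructed minimal core: one PT_NOTE (NT_PRSTATUS) and one PT_LOAD."""
    prstatus = b"\x00" * 336                  # sizeof(struct elf_prstatus) on x86_64
    notes = make_note(b"CORE", NT_PRSTATUS, prstatus)
    load = b"\x7fELF" + b"\x90" * 60          # stand-in for the dumped text page
    phnum, phoff, phsz = 2, 64, struct.calcsize(PHDR_FMT)
    notes_off = phoff + phnum * phsz
    load_off = notes_off + len(notes)
    e_ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + b"\x00" * 8   # ELF64, LSB, v1, SYSV
    ehdr = e_ident + struct.pack(EHDR_FMT, ET_CORE, EM_X86_64, 1, 0, phoff,
                                 0, 0, 64, phsz, phnum, 0, 0, 0)
    ph_note = struct.pack(PHDR_FMT, PT_NOTE, 0, notes_off, 0, 0, len(notes), 0, 1)
    ph_load = struct.pack(PHDR_FMT, PT_LOAD, 5, load_off, 0x400000, 0,
                          len(load), 0x1000, 0x1000)          # PF_R | PF_X
    return ehdr + ph_note + ph_load + notes + load


if __name__ == "__main__":
    core = build_sample_core()
    for label, blob in (("intact", core), ("truncated", core[:-10])):
        print(label, parse_core(blob)["problems"])
```

To check a real file produced by the plugin, replace the constructed sample with `open(path, "rb").read()` and look at `problems`, `loads` and `has_file_note`; an empty `problems` list and a present NT_FILE note are what a debugger expects from a complete core.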