https://github.com/p0dalirius/docker-volatility2

A volatility 2 docker for forensic investigations
https://github.com/p0dalirius/docker-volatility2

forensics volatility

Last synced: 2 months ago
JSON representation

A volatility 2 docker for forensic investigations

• Host: GitHub
• URL: https://github.com/p0dalirius/docker-volatility2
• Owner: p0dalirius
• Created: 2023-02-06T14:00:01.000Z (over 2 years ago)
• Default Branch: main
• Last Pushed: 2023-10-01T19:02:40.000Z (about 2 years ago)
• Last Synced: 2025-08-07T05:45:00.183Z (2 months ago)
• Topics: forensics, volatility
• Language: Makefile
• Homepage: https://podalirius.net/
• Size: 36.1 KB
• Stars: 23
• Watchers: 2
• Forks: 1
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • Funding: .github/FUNDING.yml

Awesome Lists containing this project

README

          
![](./.github/banner.png)



  A volatility 2 docker for forensic investigations

  


  

  

  

  




## Features

 - [x] [Volatility 2](https://github.com/volatilityfoundation/volatility) installation in a standalone container

 - [x] Mount your current working directory on the host in `/workspace/` in the container

 

## Installation

You need to install [docker](https://docs.docker.com/engine/install/ubuntu/) to use this tool. Once this is done, you can build the container and install the command by typing `make install` in this repository.

If you are using:

 - **Debian**: https://docs.docker.com/engine/install/debian/

 - **Ubuntu**, **XUbuntu**, **LUbuntu**: https://docs.docker.com/engine/install/ubuntu/

 - **Kali**: It is based on debian so you just need to follow the Debian tutorial https://docs.docker.com/engine/install/debian/.

   The only different step in the tutorial for Kali is the last command of the first step _Add the repository to Apt sources_. Don't use:

    ```sh

    # Add the repository to Apt sources:

    echo \

      "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \

      "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \

      sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

    ```

    

    But use instead:

    

    ```sh

    echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian buster stable" > /etc/apt/sources.list.d/docker.list

    ```

## Contributing

Pull requests are welcome. Feel free to open an issue if you want to add other features.