Volatility3 Linux ISF Server
This site contains
1327 pre-generated symbol packs for a range
kernels on Ubuntu, Debian and other distros. You can search for the full banner as shown in
banners.Banners plugin or search for the Kernel version
uname -r. If
the pack exists you will be
provided with a download link to the ISF Table file as a json.xz file. These links are only valid for 1
hour then you will have to search again
vol -f /path/to/myimage.raw linux.banners.Banners. Then copy each of the outputs and try the search above with the Banner option.
Alternativly if you have access to the host you can run
uname -rand search for that using the Kernel option of the search.
If there is a matching download then grab it and place it in the
symbols/linuxpath of your volatility3 installation.
dwarf2jsontool and access to a matching OS & kernel more details can be found here.
You can sometimes find me loitering on the Volatility Slack Server feel free to ask me or anyone else for help.
REMOTE_ISF_URLconstant and set it to
'https://volatility3-symbols.s3.eu-west-1.amazonaws.com/banners.json'. Volatility3 should now be able to automatically cache and retrieve any required symobl files from the remote server, no need to manually search