Installing Volatility2 in Kali Nethunter
Cover-Credits : kali.org

I have been experimenting with Kali Nethunter Rootless recently, and I thought of installing DFIR tools in it so I can use them when playing CTFs.

So here I am going to share how I installed Volatility2 in Kali Nethunter. Please note that I don't think ARM devices can handle huge memory dumps; even checking the profile of a 32MB memory dump took quite a lot of time on my phone. But it works.

My Phone Specs are :-

Processor : Qualcomm Snapdragon 636

Ram : 6 GB

I followed this cool article to get Volatility 2 installed in Nethunter. It works well on a PC, but in Nethunter I had issues with the yara modules: they didn't work properly. After some time I found a fix. Follow the steps below :-

  1. sudo apt install -y build-essential git libdistorm3-dev yara libraw1394-11 libcapstone-dev capstone-tool tzdata libjpeg-dev
  2. sudo apt install -y python2 python2.7-dev libpython2-dev
  3. curl https://bootstrap.pypa.io/pip/2.7/get-pip.py --output get-pip.py
  4. sudo python2 get-pip.py
  5. python2 -m pip install -U distorm3 yara-python pycrypto pillow openpyxl ujson pytz ipython capstone
  6. sudo python2 -m pip install yara-python
  7. sudo ln -s /usr/local/lib/python2.7/dist-packages/yara.so /usr/lib/libyara.so
  8. python2 -m pip install -U git+https://github.com/volatilityfoundation/volatility.git
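The symlink in step 7 only helps if the sudo install in step 6 really put yara.so under /usr/local/lib/python2.7/dist-packages, and the user-level install in step 5 only helps if python2 can actually import what it fetched. The script below is an added example, not part of the article or of the Volatility project: it checks that the libyara.so link resolves to an existing file and that every module the steps install can be imported. It assumes python2 is on PATH (override with the PY variable) and uses the same paths as steps 6 and 7; the import names differ from the pip package names for pycrypto (Crypto), pillow (PIL) and ipython (IPython).

```shell
#!/bin/sh
# Post-install check for the Volatility2 setup in the steps above.
# Added example, not from the article. Assumptions: python2 is on PATH (or set PY),
# and yara.so / libyara.so live at the paths used in steps 6 and 7.

PY="${PY:-python2}"
YARA_SO="/usr/local/lib/python2.7/dist-packages/yara.so"
LIBYARA_LINK="/usr/lib/libyara.so"
# Import names for the packages installed in steps 5 and 8.
VOL_MODULES="distorm3 yara Crypto PIL openpyxl ujson pytz IPython capstone volatility"

# check_symlink LINK TARGET
# Returns 0 when LINK is a symlink pointing at TARGET and TARGET exists,
# 1 otherwise (link missing, link points elsewhere, or target missing).
check_symlink() {
    link="$1"; target="$2"
    if [ ! -L "$link" ]; then
        echo "missing symlink: $link"; return 1
    fi
    resolved=$(readlink "$link")
    if [ "$resolved" != "$target" ]; then
        echo "symlink $link -> $resolved, expected $target"; return 1
    fi
    if [ ! -e "$target" ]; then
        echo "dangling symlink: $link -> $target (target missing)"; return 1
    fi
    echo "ok      $link -> $target"
    return 0
}

# check_modules INTERPRETER MODULE...
# Runs `INTERPRETER -c "import MODULE"` for each module, prints one line per
# module, and returns the number of modules that failed to import (0 = all good).
check_modules() {
    interp="$1"; shift
    failed=0
    for m in "$@"; do
        if "$interp" -c "import $m" >/dev/null 2>&1; then
            echo "ok      $m"
        else
            echo "FAILED  $m"
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# run_checks: runs both checks; returns 0 only if everything passed.
run_checks() {
    status=0
    echo "== yara symlink =="
    check_symlink "$LIBYARA_LINK" "$YARA_SO" || status=1
    echo "== python2 modules =="
    # word-splitting of VOL_MODULES is intended here
    check_modules "$PY" $VOL_MODULES || status=1
    [ "$status" -eq 0 ] && echo "all checks passed"
    return "$status"
}

# Run the checks only when invoked with --check, so the file can also be sourced.
if [ "${1:-}" = "--check" ]; then
    run_checks
    exit $?
fi
```

Run it as `sh vol2_check.sh --check` (the file name is an assumption) after step 8; a FAILED line for yara with an intact symlink means yara-python itself did not build, while a dangling or missing symlink means step 6 installed somewhere other than the path step 7 links to.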

BEFORE getting the yara modules fixed. You can see lots of errors at the top. When I followed the article I couldn't get libyara.so; I tried searching the entire root directory but couldn't find it. After researching, I found out the correct library was yara-python. I don't know why the yara library works fine on a PC, though.

[Image: Volatility output before the fix, with yara module errors at the top]

AFTER FIXING

[Image: Volatility output after the fix, with no errors]

As you can see, there are no errors and I can run yarascan too.

Hope you enjoyed this article.
