Laman

Installing Rekall in Ubuntu 20.04

So, taking note from Rekall Forensic website.

What is Rekall?

"Rekall is an advanced forensic and incident response framework. While it began life purely as a memory forensic framework, it has now evolved into a complete platform.  Rekall implements the most advanced analysis techniques in the field, while still being developed in the open, with a free and open source license. Many of the innovations implemented within Rekall have been published in peer reviewed papers.

Rekall provides an end-to-end solution to incident responders and forensic analysts. From state of the art acquisition tools, to the most advanced open source memory analysis framework. Rekall at a glance."

In short, rekall is just like Volatility, which you can get from here. Now let's get started on how to install Rekall in Ubuntu 20.04

Installing

1. Requirement

  • Rekall-1.7.0rc1
  • Python 2.7
  • Python pip
  • wheel==0.34.2
  • pyasn1==0.4.8
  • rsa==3.1.4

2. Instaliing Prerequisite

  1. Installing Python 2.7 and its family
    2. $ sudo apt install python python-dev libssl-dev libncurses5-dev unzip -y
  2. Installing Python 2.7 pip
    3. $ wget https://bootstrap.pypa.io/pip/2.7/get-pip.py
$ sudo python get-pip.py install
  3. Installing Python 2 virtual environtment
    4. $ pip install virtualenv

3. Installing Rekall

  1. Make Python 2.7 Virtual Environment and Activate it
    2. $ virtualenv /home/.rekall
$ source /home/.rekall/bin/activate
  2. Upgrading setuptools and pip
    3. $ pip install --upgrade setuptools pip
  3. Installing wheel, pyasn1, and rsa
    4. $ wget https://github.com/sybrenstuvel/python-rsa/archive/refs/tags/version-3.1.4.zip
$ unzip version-3.1.4.zip
$ cd python-rsa-version-3.1.4
$ python setup.py install
$ pip install wheel==0.34.2 pyasn1==0.4.8
  4. Installing Rekall 1.7.0rc1
    5. $ wget https://github.com/google/rekall/archive/refs/tags/v1.7.0rc1.zip
$ unzip v1.7.0rc1.zip
$ pip install --editable rekall-1.7.0rc1/rekall-lib
$ pip install --editable rekall-1.7.0rc1/rekall-core
$ pip install --editable rekall-1.7.0rc1/rekall-agent
$ pip install --editable rekall-1.7.0rc1

4. Done, Rekall ready to use

To use rekall simply use command rekall. But don't forget to activate the virtual environtment first!

If there's something wrong or there's problem when installing Rekall, Feel free to contact me via comment or other social media. About usage of Rekall, i'll make different post and will put the link in here.

Diposkan oleh di
Label: , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)