Good Day,
Has anyone been successful in acquiring a clean memory dump from an Amazon Linux EC2 instance (Amazon Linux 2023)? Creating/Running it through a custom profile in Volatility2/3 ?
I have tried to do this utilizing LiME, I get some error messages, such as
- Skipping BTF generation …. Due to unavailability of vmlinux
If I then source the vmlinux file and put in the required directory which ‘make’ looks for I then get the following error:
- /bin/sh: line1: ./tools/bpf/resolve_btfids/resolve_btfids: No such file or directory
Â
I have tried creating custom profiles using Volatility 2 and 3 and it never works when reading the memory dump. Either the memory dump is not good or the profile just can load the kernel correctly.
I believe I have installed all the relevant kernel headers, debug tools etc.. But I can’t get this to work.
I just want to know if someone has been successful in
- Getting a clean memory dump with LiME with no errors
- Creating a custom profile for the memory dump with Volatility
Â
Any input would be much appriciated.
