
cado-security / varc


Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.

License: GNU General Public License v3.0

Shell 0.49% Batchfile 0.20% Python 99.10% YARA 0.20%
aws aws-fargate aws-forensics aws-lambda cloud-security dfir dfir-automation docker-forensics eks-forensics fargate-forensics forensics hacktoberfest memory-forensics security

varc's People

Contributors

adamcohenhillel, bluesidestrongside, cadosecurity, chrisdoman, p-s-cott


varc's Issues

Glibc 2.15 required

For example: on Linux, glibc 2.15 is a minimum, needed for the "process_vm_readv" syscall. That excludes older Linuxes unfortunately. Now the application just crashes:

[2022-09-21 10:58:39,701]:[INFO] - Adding open file /lib64/security/pam_namespace.so
[2022-09-21 10:58:39,705]:[INFO] - Adding open file /usr/lib64/php/modules/gd.so
[2022-09-21 10:58:39,727]:[INFO] - Adding open file /usr/local/lib/python3.6/lib-dynload/_struct.cpython-36m-x86_64-linux-gnu.so
Traceback (most recent call last):
  File "/usr/local/lib/python3.6/site-packages/varc.py", line 43, in <module>
    extract_dumps=args.extract_dumps
  File "/usr/local/lib/python3.6/site-packages/varc_core/systems/__init__.py", line 21, in acquire_system
    return LinuxSystem(include_memory, include_open, extract_dumps)
  File "/usr/local/lib/python3.6/site-packages/varc_core/systems/linux.py", line 31, in __init__
    self.process_vm_readv = self.libc.process_vm_readv
  File "/usr/local/lib/python3.6/ctypes/__init__.py", line 361, in __getattr__
    func = self.__getitem__(name)
  File "/usr/local/lib/python3.6/ctypes/__init__.py", line 366, in __getitem__
    func = self._FuncPtr((name_or_ordinal, self))
AttributeError: /lib64/libc.so.6: undefined symbol: process_vm_readv
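An added example, not varc's own code, of probing libc before constructing the collector so the missing-symbol case in the traceback above is detected and reported instead of crashing the run; the names probe_libc, libc_has_symbol and glibc_version are hypothetical.

```python
import ctypes
import ctypes.util
from typing import Optional

# Added example, not varc's own code: probe libc for the symbols the Linux
# collector needs before touching them. Function names here are hypothetical.

def load_libc() -> ctypes.CDLL:
    """Load the C library; fall back to the process's global symbol table."""
    name = ctypes.util.find_library("c")  # "libc.so.6" on glibc systems
    return ctypes.CDLL(name) if name else ctypes.CDLL(None)

def libc_has_symbol(libc: ctypes.CDLL, name: str) -> bool:
    """True if libc exports `name`. ctypes raises AttributeError otherwise,
    the same exception shown in the traceback above."""
    try:
        getattr(libc, name)
    except AttributeError:
        return False
    return True

def glibc_version(libc: ctypes.CDLL) -> Optional[str]:
    """glibc's version string, or None on a non-glibc libc (musl, macOS)
    that does not export gnu_get_libc_version."""
    if not libc_has_symbol(libc, "gnu_get_libc_version"):
        return None
    fn = libc.gnu_get_libc_version
    fn.restype = ctypes.c_char_p
    fn.argtypes = []
    return fn().decode()

def probe_libc() -> dict:
    """What a collector needs to decide whether process_vm_readv-based
    memory acquisition is possible on this host."""
    libc = load_libc()
    return {
        "glibc_version": glibc_version(libc),
        "has_process_vm_readv": libc_has_symbol(libc, "process_vm_readv"),
    }

if __name__ == "__main__":
    info = probe_libc()
    if info["has_process_vm_readv"]:
        print("process_vm_readv available (glibc %s)" % info["glibc_version"])
    else:
        # Degrade gracefully instead of crashing in LinuxSystem.__init__.
        print("process_vm_readv missing; skipping process memory acquisition")
```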

Reorganize Output

Hi,

While initially looking at the output of varc on a Linux capture, I was a bit confused about what the contents of /etc, /var and similar directories were until I realized that these just contain copies of the open files. Would it be better to have all of this under a directory such as open_files? I think it would make it clearer for anyone looking at the output. It would also mean that if you add additional functionality and capture additional files, they wouldn't be stored next to the opened file copies and can be stored in their own directories. Thanks

PyInstaller requirements

python3 -m pip install -r ../requirements.txt
python3 -m PyInstaller --onefile ../varc.py

PyInstaller is not listed in the project's requirements.txt.

It is pretty easy to install, but it would help to catch the error or provide a note in the batch file telling users to install the needed dependency.

Error:
C:\Tools\varc\release>python -m PyInstaller --onefile ../varc.py
C:\Users\user\AppData\Local\Programs\Python\Python38\python.exe: No module named PyInstaller
