request for firewire memory tools

2014-03-06, 17:18
I just downloaded Kali, because I'd seen a reference elsewhere that it contained the Inception Firewire memory exploitation tool. Unfortunately, this information appears to have been an error. Nonetheless, it would most certainly make an excellent addition to Kali. I've installed it on a booted livecd install, and it seems to work OK. In addition, the version of Volatility you have installed doesn't work for Firewire acquisitions, because you don't have the forensic1394 library installed. This also works fine if you put it on, so I'd think it would make sense for you to do so.

Inception is available from http://www.breaknenter.org/projects/inception/
Specific install instructions taken from that website are as follows:

apt-get install git cmake python3 g++
wget http://freddie.witherden.org/tools/libforensic1394/releases/libforensic1394-0.2.tar.gz
tar xvf libforensic1394-0.2.tar.gz
cd libforensic1394-0.2
cmake CMakeLists.txt
make install
cd python
python3 setup.py install
cd ../..
git clone https://github.com/carmaa/inception.git
cd inception

Note that these instructions only install the forensic1394 library for python3, and they place it in /usr/local rather than /usr, so Volatility is still unable to make use of it.

To install the forensic1394 library so Volatility can use it, change the above cmake command to:

cmake -DCMAKE_INSTALL_PREFIX:PATH=/usr CMakeLists.txt

and change the python install command to:

python setup.py install --prefix=/usr

After doing these steps, both Volatility and Inception seem to work correctly. Any chance of getting these tools incorporated into the standard Kali distribution? I think having the ability to plug in and instantly unlock systems from your laptop would be a real boon to penetration testers in general. It's also a very useful memory imaging capability.