
Delete comment from: Push the Red Button

The easiest way to install it is to extract the zipfile or tarball directly into the Volatility directory -- not all the folders go into the base directory. After unpacking, you should have these files, in these locations (assuming your Volatility directory is called Volatility-1.3_Beta):

Volatility-1.3_Beta/memory_plugins/registry/cachedump.py
Volatility-1.3_Beta/memory_plugins/registry/hashdump.py
Volatility-1.3_Beta/memory_plugins/registry/hivedump.py
Volatility-1.3_Beta/memory_plugins/registry/hivelist.py
Volatility-1.3_Beta/memory_plugins/registry/hivescan2.py
Volatility-1.3_Beta/memory_plugins/registry/lsadump.py
Volatility-1.3_Beta/memory_plugins/registry/printkey.py
Volatility-1.3_Beta/memory_objects/Windows/registry.py
Volatility-1.3_Beta/forensics/win32/regtypes.py
Volatility-1.3_Beta/forensics/win32/rawreg.py
Volatility-1.3_Beta/forensics/win32/lsasecrets.py
Volatility-1.3_Beta/forensics/win32/hive2.py
Volatility-1.3_Beta/forensics/win32/hashdump.py
Volatility-1.3_Beta/forensics/win32/domcachedump.py
Volatility-1.3_Beta/forensics/win32/regdump.py

Jun 1, 2009, 10:37:03 AM


Posted to Registry Code Updates
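A quick way to confirm the layout listed in the comment above, as an added example that is not part of the original comment or of the plugin package. The `check_layout` helper and the `stray`/`nested` matching are assumptions made for illustration; the paths are the ones from the list, and the default directory name is the one the comment assumes.

```python
import os
import sys

# Relative paths copied from the file list in the comment above.
EXPECTED = [
    "memory_plugins/registry/cachedump.py",
    "memory_plugins/registry/hashdump.py",
    "memory_plugins/registry/hivedump.py",
    "memory_plugins/registry/hivelist.py",
    "memory_plugins/registry/hivescan2.py",
    "memory_plugins/registry/lsadump.py",
    "memory_plugins/registry/printkey.py",
    "memory_objects/Windows/registry.py",
    "forensics/win32/regtypes.py",
    "forensics/win32/rawreg.py",
    "forensics/win32/lsasecrets.py",
    "forensics/win32/hive2.py",
    "forensics/win32/hashdump.py",
    "forensics/win32/domcachedump.py",
    "forensics/win32/regdump.py",
]

def check_layout(root):
    """Return (missing, misplaced) for the Volatility directory `root`."""
    found = {}  # basename -> every relative path under root with that name
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            found.setdefault(name, []).append(rel.replace(os.sep, "/"))
    missing, misplaced = [], {}
    for rel in EXPECTED:
        if os.path.isfile(os.path.join(root, *rel.split("/"))):
            continue
        missing.append(rel)
        # Copies outside the expected tree, e.g. unpacked flat or one level deep.
        stray = [p for p in found.get(rel.rsplit("/", 1)[1], []) if p not in EXPECTED]
        nested = [p for p in stray if p.endswith("/" + rel)]
        if stray:
            misplaced[rel] = sorted(nested or stray)
    return missing, misplaced

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "Volatility-1.3_Beta"
    missing, misplaced = check_layout(root)
    for rel in missing:
        hint = ", found at: " + ", ".join(misplaced[rel]) if rel in misplaced else ""
        print("MISSING %s%s" % (rel, hint))
    sys.exit(1 if missing else 0)
```

Run it with the Volatility directory as the only argument; it exits non-zero if any listed file is not where the list says it should be.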
