Volatility 3 Framework (v 2.0.0-beta.1) Requirements

Very quick post, mostly notes for myself. When using Volatility 3 you might noticed that some plugins cannot be loaded

# ./vol.py -h
[...]
The following plugins could not be loaded (use -vv to see why): volatility.plugins.windows.cachedump, volatility.plugins.windows.callbacks, volatility.plugins.windows.hashdump,
volatility.plugins.windows.lsadump, volatility.plugins.windows.svcscan, volatility.plugins.windows.vadyarascan, volatility.plugins.windows.verinfo, volatility.plugins.yarascan

If you use -vv, you'll see a bunch of debug messages that are pretty clear, e.g. No module named 'yara' Seems simple enough, but I had to do just a bit of hunting. pip3 install yara caused errors, that's not the correct package. Turns out Volatility 3 is looking for yara-python. Instead of crypto, or even crypto-python, it wants pycrypto (of course). So then for pefile it must be pefile-python or pypefile right? Nope, that one actually is pefile...

pip3 install yara-python
pip3 install pycrypto
pip3 install pefile

All plugins should load now. Enjoy.