From 0ef036f48a50b4c8071b4838b944bb32a4253e03 Mon Sep 17 00:00:00 2001
From: Boris Sukholitko <boriss@gmail.com>
Date: Thu, 10 Jul 2014 21:34:23 +0300
Subject: [PATCH] Add volatility: memory forensics framework

---
 pkgs/tools/security/volatility/default.nix | 22 ++++++++++++++++++++++
 pkgs/top-level/all-packages.nix            |  2 ++
 2 files changed, 24 insertions(+)
 create mode 100644 pkgs/tools/security/volatility/default.nix

diff --git a/pkgs/tools/security/volatility/default.nix b/pkgs/tools/security/volatility/default.nix
new file mode 100644
index 000000000000..32be6aaa837d
--- /dev/null
+++ b/pkgs/tools/security/volatility/default.nix
@@ -0,0 +1,22 @@
+{ stdenv, fetchurl, buildPythonPackage, pycrypto }:
+
+buildPythonPackage rec {
+    namePrefix = "";
+    name = "volatility-2.3.1";
+
+    src = fetchurl {
+      url = "http://volatility.googlecode.com/files/${name}.tar.gz";
+      sha256 = "bb1411fc671e0bf550a31e534fb1991b2f940f1dce1ebe4ce2fb627aec40726c";
+    };
+
+    doCheck = false;
+
+    propagatedBuildInputs = [ pycrypto ];
+
+    meta = with stdenv.lib; {
+		homepage = https://code.google.com/p/volatility;
+		description = "advanced memory forensics framework";
+		maintainers = with maintainers; [ bosu ];
+		license = "GPLv2+";
+    };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 450b28bd85e5..f833986a61a8 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -2211,6 +2211,8 @@ let
 
   vacuum = callPackage ../applications/networking/instant-messengers/vacuum {};
 
+  volatility = callPackage ../tools/security/volatility { };
+
   vidalia = callPackage ../tools/security/vidalia { };
 
   vbetool = builderDefsPackage ../tools/system/vbetool {