Google Cloud Platform

Getting started with GCP

Create a bucket in your GCP Storage before running the Docker command for DumpItForLinux.

To interact with the Google Cloud Platform through DumpItForLinux, you need a service account and a credential file in JSON format. See the official documentation for service accounts and credential files: https://cloud.google.com/iam/docs/creating-managing-service-account-keys

You can optionally generate and download the credential file using gcloud CLI commands. Inside the CLI, log in to your GCP account.

gcloud auth login

You will be prompted with a link to authenticate you as a GCP user. Open that link, log in with your GCP account and copy the code provided. Paste it in the console to finish the authentication process.

Set the GCP project you are working on by using the following command.

gcloud config set project [PROJECT_ID]

Create a service account.

gcloud iam service-accounts create [YOUR_SERVICE_ACCOUNT_NAME]
gcloud projects add-iam-policy-binding [PROJECT_ID] --member "serviceAccount:[YOUR_SERVICE_ACCOUNT_NAME]@[PROJECT_ID].iam.gserviceaccount.com" --role "roles/owner"

Create a service account key.

gcloud iam service-accounts keys create /tmp/[FILE_NAME].json --iam-account [YOUR_SERVICE_ACCOUNT_NAME]@[PROJECT_ID].iam.gserviceaccount.com

Install the latest version of Docker to be able to run the free containerized version of DumpItForLinux.

sudo apt install docker.io

Run the DumpItForLinux commands using Docker with the "--snap-it" and "--action upload-gcp" flags. You need to provide the path to the JSON file that contains your service account key and the bucket name.

sudo docker run -v /tmp/[FILE_NAME].json:/tmp/[FILE_NAME].json --privileged comaeio/dumpit-linux --snap-it --action upload-gcp --gcp-creds-file /tmp/[FILE_NAME].json --bucket [BUCKET_NAME]

DumpItForLinux will upload the preprocessed data to your specified GCP Storage bucket.

To upload a full memory image to GCP Storage, replace the --snap-it flag with --dump-it using the same docker command.
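
The binding above grants roles/owner across the whole project, and the key file is then mounted into a privileged container. The following added example, which is not part of the DumpItForLinux documentation, prints a bucket-scoped binding and checks the key file before use. It assumes the upload only needs to create objects in the bucket (roles/storage.objectCreator); the function names and the DRY_RUN variable are hypothetical.

```shell
#!/bin/sh
# Added example, not from the DumpItForLinux documentation.
# Assumption: the upload only needs to create objects in the target bucket,
# so a bucket-level roles/storage.objectCreator binding is enough.

# Build the service account e-mail from its name and the project ID.
sa_email() { printf '%s@%s.iam.gserviceaccount.com' "$1" "$2"; }

# Print the bucket-scoped binding command; set DRY_RUN=0 to run it instead.
# Arguments: SERVICE_ACCOUNT_NAME PROJECT_ID BUCKET_NAME
grant_bucket_upload() {
  set -- gcloud storage buckets add-iam-policy-binding "gs://$3" \
    --member="serviceAccount:$(sa_email "$1" "$2")" \
    --role="roles/storage.objectCreator"
  if [ "${DRY_RUN:-1}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Check the key file before mounting it into the privileged container.
# Arguments: KEY_FILE SERVICE_ACCOUNT_NAME PROJECT_ID
# Returns 1 missing, 2 readable by others, 3 wrong key type, 4 wrong account.
check_key_file() {
  [ -f "$1" ] || { echo "missing key file: $1" >&2; return 1; }
  # GNU stat first, BSD stat as a fallback.
  key_mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
  case "$key_mode" in
    600|400) ;;
    *) echo "key file mode is $key_mode, expected 600" >&2; return 2 ;;
  esac
  grep -q '"type": *"service_account"' "$1" ||
    { echo "not a service account key" >&2; return 3; }
  grep -qF "\"$(sa_email "$2" "$3")\"" "$1" ||
    { echo "key belongs to a different account" >&2; return 4; }
}
```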