Extract Tar Files Windows 7everfoundry

The Expand-7zip cmdlet will extract multiple archive formats, including tar. These workarounds don't solve your particular problem, but for those who are stuck with Windows, they might be useful. PeaZip and 7-Zip are two of the better free file extractors that support both opening and creating TAR files, but other free file extractors are available as well. B1 Online Archiver and WOBZIP are two other TAR openers, but they run in your browser rather than as a downloadable program.

Source code is often packed for download as a TAR (Tape ARchive) file, which is a standard format in the Unix/Linux world. These files have a .tar extension; they can also be compressed, in which case the extension is .tar.gz or .tar.bz2. There are several ways to unpack these files.

If you have MinGW/MSYS or Cygwin installed, you can use the tar command to unpack such files:


Try tar --help or see the tar man page for more information.

Another option is to install 7-Zip, which has a nice graphical user interface. 7-Zip can also be used to unpack many other formats and to create tar files (amongst others).

  1. Download and install 7-Zip from 7-zip.org. If you do not want to use 7-Zip as a command line tool, skip the next steps.
  2. Add the directory you installed 7-Zip into to your path (Start -> Control Panel -> System -> Advanced -> Environment Variables).
  3. Move the tar file to the directory you wish to unpack into (usually the tar file will put everything into a directory inside this directory).
  4. Open a command prompt, and cd to the directory.
  5. If the tar file is compressed, type 7z x filename.tar.gz at the command prompt (where filename.tar.gz is the name of the compressed tar file). This results in a tar file called filename.tar
  6. Type 7z x filename.tar at the command prompt (where filename.tar is the name of the tar file).

Instead of using 7-Zip on the command line, you can use the file manager and click on a .tar, .tar.gz, or .tar.bz2 file; 7-Zip will automatically start.
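
An added example, not part of the original page or of 7-Zip: step 3 notes that a tar file usually unpacks into one directory, but nothing enforces that, and an archive from an untrusted source can carry member names or links that resolve outside the directory you extract into. This Python script lists the top-level entries and flags such members before anything is written to disk; the names `audit_tar` and `build_sample` are hypothetical, and the sample archive is constructed in memory.

```python
import io
import posixpath
import sys
import tarfile


def _outside(path):
    """True if a '/'-separated path is absolute or climbs above its root."""
    norm = posixpath.normpath(path)
    return path.startswith("/") or path[1:2] == ":" or norm == ".." or norm.startswith("../")


def audit_tar(fileobj):
    """Return (top_level_names, problems) for a .tar, .tar.gz or .tar.bz2 stream."""
    tops, problems = set(), []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:  # r:* detects gzip/bzip2
        for m in tar:
            name = m.name.replace("\\", "/")
            reason = None
            if _outside(name):
                reason = "path leaves the destination directory"
            elif m.issym() or m.islnk():
                # Symlink targets are relative to the link's own directory,
                # hard-link targets to the archive root.
                base = posixpath.dirname(name) if m.issym() else ""
                target = m.linkname.replace("\\", "/")
                if target[1:2] == ":" or _outside(posixpath.join(base, target)):
                    reason = "link target leaves the destination directory"
            elif not (m.isfile() or m.isdir()):
                reason = "special entry (device, FIFO, ...)"
            if reason:
                problems.append((m.name, reason))
            elif posixpath.normpath(name) != ".":
                tops.add(posixpath.normpath(name).split("/")[0])
    return sorted(tops), problems


def build_sample(names):
    """Constructed sample: an in-memory .tar.gz of empty files with these names."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for n in names:
            tar.addfile(tarfile.TarInfo(n))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # With an argument: audit that file. Without: audit a constructed sample.
    src = open(sys.argv[1], "rb") if len(sys.argv) > 1 else build_sample(
        ["pkg-1.0/README", "pkg-1.0/src/Main.hs"])
    tops, problems = audit_tar(src)
    print("top-level entries:", tops)
    for name, reason in problems:
        print("REFUSE:", name, "-", reason)
```

More than one top-level entry means the archive will scatter files into the current directory, so unpack it in an empty folder; any flagged member means the archive should not be extracted as-is.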

A simple Windows command-line tool (no install, just unzip).

It's hosted on CodePlex (tartool), complete with the source code. It can:

  1. decompress and untar .tar.gz (.tgz) files, or
  2. just untar .tar files

>TarTool.exe

Usage :

>TarTool sourceFile destinationDirectory

>TarTool D:sample.tar.gz ./

>TarTool sample.tgz temp

>TarTool -x sample.tar temp

TarTool 2.0 Beta supports bzip2 files such as tar.bz2 and .bz2 extraction.

>TarTool -xj sample.tar.bz2 temp

or

>TarTool -j sample.bz2

More details are on this post -- http://blog.rajasekharan.com/2009/01/16/tartool-windows-tar-gzip-tgz-extraction-tool/

Retrieved from 'https://wiki.haskell.org/index.php?title=How_to_unpack_a_tar_file_in_Windows&oldid=63023'

Today I want to briefly take up a topic already addressed in a previous post: analysis of Windows 10 memory dumps using Volatility 2.

In my previous article, I recommended using FireEye's custom version of Volatility [1], with additional profiles specific to Windows 10 memory dumps.

However, that version is now rarely updated, and the official version of Volatility 2 has since been updated with profiles for the latest Windows 10 versions.

A recent commit [2] added a profile for Windows 10 19041.

So my suggestion is now to use the official release of Volatility available on GitHub [3] directly.

How to install Volatility

From the official wiki:

Getting Volatility

You can get the source code by either downloading a stable release or cloning from github. To do the latter, type:

This will create a volatility folder that contains the source code and you can run Volatility directly from there.

Installing Volatility

If you’re using the standalone Windows, Linux, or Mac executable, no installation is necessary – just run it from a command prompt. No dependencies are required, because they’re already packaged inside the exe.

If you’re using the Pyinstaller (Windows-only) executable, double click and follow through with the installation instructions (which basically consists of clicking Next a few times and then Finish). You must already have a working Python 2.7. Also see below for the dependency libraries.

If you downloaded the zip or tar source code archive (Windows, Linux, OSX) there are two ways to “install” the code:

  1. Extract the archive and run setup.py. This will take care of copying files to the right locations on your disk. Running setup.py is only necessary if you want to have access to the Volatility namespace from other Python scripts, for example if you plan on importing Volatility as a library. Pros: easy use as a library. Cons: more difficult to upgrade or uninstall.
  2. Extract the archive to a directory of your choice. When you want to use Volatility just do python /path/to/directory/vol.py. This is a cleaner method since no files are ever moved outside of your chosen directory, which makes it easier to upgrade to new versions when they’re released. Also, you can easily have multiple versions of Volatility installed at the same time, by just keeping them in separate directories (like /home/me/vol2.0 and /home/me/vol2.1). Pros: clean, easy to run multiple versions, easy to upgrade or uninstall. Cons: more difficult to use as a library.

Dependencies

This section does not apply to the standalone Windows executable, because the dependent libraries are already included in the exe. Also please note the majority of core Volatility functionality will work without any additional dependencies as well. You will only need to install packages if you plan on using specific plugins that leverage those packages (see recommended dependencies), or if you want to enhance your experience (see optional dependencies). Note: for Linux you may have to install a few other packages/libraries as prerequisites for the following recommended packages (Example: apt-get install pcregrep libpcre++-dev python-dev -y)

Recommended packages

For the most comprehensive plugin support, you should install the following libraries. If you do not install these libraries, you may see a warning message to raise your awareness, but all plugins that do not rely on the missing libraries will still work properly.

  • Distorm3 – Powerful Disassembler Library For x86/AMD64
    • Dependent plugins
      • apihooks
      • callbacks
      • impscan
      • kdbgscan, pslist, modules etc for Windows 8/2012 machines
      • the disassemble command in volshell, linux_volshell, and mac_volshell
  • Yara – A malware identification and classification tool
    • Dependent plugins
      • yarascan, linux_yarascan, mac_yarascan
    • Note: get yara from the project’s main website, do not install it with pip.
    • Note: if you are on Linux, you may have to issue the following command: echo '/usr/local/lib' >> /etc/ld.so.conf && ldconfig
  • PyCrypto – The Python Cryptography Toolkit
    • Dependent plugins
      • lsadump
      • hashdump
    • Note: this requires python-dev to build (unless you get pre-built binaries)
  • PIL – Python Imaging Library
    • Dependent plugins
      • screenshots
  • OpenPyxl – Python library to read/write Excel 2007 xlsx/xlsm files
    • Dependent plugins
      • Any plugin that has been converted to unified format (with --output=xlsx option)
  • ujson – Ultra fast JSON parsing library
    • Dependent plugins: anything using --output=html

References