We are getting ready to release Volatility-1.2. If you have some changes you
would like to see in this release, please let me know by the end of the week.
If you are interested in testing the release candidate, send me an email. I've
included the CHANGELOG for this release:
CHANGELOG
09.21.2007 Volatility-1.2.1pre awalters
* New Module: usrdmp
Files:
vmodules.py
Description:
Dumps a process's address space. Thanks Eoghan Casey.
09.20.2007 Volatility-1.2pre awalters
* New Module: modscan
Files:
vmodules.py
forensics/win32/scan.py
forensics/win32/globals.py
Description:
Performs a linear scan for memory resident Windows modules.
Contributed by Andreas Schuster.
* New Module: memmap
Files:
vmodules.py
forensics/x86.py
Description:
Provides a map of the virtual to physical address translations
within a particular address space. Based on similar tools by
Andreas Schuster (memdump.pl) and Brendan Dolan-Gavitt
(memdump.py).
* New Module: dmpchk
Files:
vmodules.py
forensics/win32/crash_addrspace.py
Description:
Prints auxiliary information about the crash dump file.
* New Module: WindowsCrashDumpSpace32
Files:
forensics/x86.py
forensics/win32/crash_addrspace.py
Description:
Provides the ability to use crash dumps as input to Volatility.
This is accomplished through the use of stackable address spaces.
Contributions from Andreas Schuster.
* New Feature: get_available_pages()
Files:
forensics/x86.py
Description:
This function allows an investigator to find all available pages
within a particular address space. Thanks Brendan Dolan-Gavitt.
* New Feature: zread()
Files:
forensics/x86.py
forensics/addrspace.py
forensics/win32/crash_addrspace.py
Description:
Added the ability to continue reading even if pages are
unavailable. Invalid pages are replaced with zeros. Thanks Brendan
Dolan-Gavitt.
thanks,
AW
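
The zread() and get_available_pages() entries in the changelog above, illustrated with an added sketch that is not Volatility's own code: the class ToyAddressSpace, its page map, the demo_space() helper and the strict read() returning None are all assumptions made for the example.

```python
PAGE_SIZE = 0x1000  # 4 KiB pages, as on 32-bit x86 without large pages


class ToyAddressSpace:
    """Hypothetical stand-in for a virtual address space over a memory image."""

    def __init__(self, image, page_map):
        self.image = image          # raw bytes of the (constructed) physical image
        self.page_map = page_map    # virtual page base -> physical offset

    def vtop(self, vaddr):
        """Translate a virtual address, or return None if its page is unavailable."""
        base = self.page_map.get(vaddr & ~(PAGE_SIZE - 1))
        return None if base is None else base + (vaddr & (PAGE_SIZE - 1))

    def get_available_pages(self):
        """Return sorted (virtual page base, size) pairs that can be translated."""
        return [(v, PAGE_SIZE) for v in sorted(self.page_map)]

    def _read(self, vaddr, length, pad):
        out = bytearray()
        while length > 0:
            # Never cross a page boundary in one step: the next page may map elsewhere.
            chunk = min(length, PAGE_SIZE - (vaddr & (PAGE_SIZE - 1)))
            paddr = self.vtop(vaddr)
            if paddr is None:
                if not pad:
                    return None
                out += b"\x00" * chunk
            else:
                out += self.image[paddr:paddr + chunk]
            vaddr += chunk
            length -= chunk
        return bytes(out)

    def read(self, vaddr, length):
        """Strict read: None if any page in the range is unavailable."""
        return self._read(vaddr, length, pad=False)

    def zread(self, vaddr, length):
        """Tolerant read: unavailable pages come back as zeros."""
        return self._read(vaddr, length, pad=True)


def demo_space():
    # Constructed sample: two physical pages, mapped non-contiguously,
    # with virtual page 0x11000 left unmapped.
    image = b"A" * PAGE_SIZE + b"B" * PAGE_SIZE
    return ToyAddressSpace(image, {0x10000: PAGE_SIZE, 0x12000: 0})
```

Because zero padding is indistinguishable from memory that really held zeros, compare the range you read against get_available_pages() before drawing conclusions from a zero-filled region.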