Hey Folks,
I was just reading Gleeda's blog & CEIC presentation,
and was interested to discover that Volatility modules had been written
for Linux and Vista. Now I'm wondering why these modules haven't shown
up anywhere I can see them, including in the public view of the SVN
repository. After digging for a bit, I did see that they (or at least a
modified version of the Linux ones) have apparently been incorporated
into the Pyflag distribution, but that just caused me more confusion. If
they're stable enough to release as part of Pyflag, why aren't they in
the public Volatility repository?
Also, are you expecting to release an 'official' update
anytime soon? The last update available from the main Volatility page is
still 1.3_Beta. Is there some defined list of fixes or features that has
to be ready before an 'official' 1.3 version is released? Or has that
been bypassed, so that current work is really going toward 1.4? Maybe a
roadmap section would make a good addition to the main Volatility page.
I'm sure there are a lot of people who would be interested in what's
going on.
Thanks much (Sorry if I sound like I'm
ranting, you guys really have done some awesome work!)
John
----------------------------------------------------------
Quis custodiet ipsos custodes?... I do!
Hi!
I'm new to this list but I'd like to help on a few parts of the PE parsing apparati. I will be reviewing the source this week.
Is there any objection to a -v (verbose) flag which would output offsets to header references to the specified objects to assist
with manual image inspection?
Typically I use automated tools to an extent, but another feature I'd like to add is actual PE extraction if the executable was fully
loaded into memory (say the file self removes, or a rootkit lives only in RAM). This way we could plug things directly into objdump
or another disassembler of choice (IDA Pro here).
Thoughts? Suggestions?
Regards,
Jason Reynolds
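As an added illustration of the two ideas in Jason's message (printing header offsets for manual inspection, and carving a fully mapped PE out of memory into something objdump or IDA will load), here is example code that is not part of this thread and not Volatility's or Pyflag's own implementation. It builds a constructed two-section PE32 image laid out the way the loader maps it (sections at their RVAs, not at their on-disk PointerToRawData), parses the headers to report where each field sits, and then rewrites the section table so file offsets match the in-memory layout. All names, offsets and bytes in the sample image are made up for the example.

```python
import struct

def build_memory_image():
    """Constructed sample (not a real binary): a PE32 image as mapped in memory.
    Two sections, .text at RVA 0x1000 and .data at RVA 0x2000, SectionAlignment
    0x1000, FileAlignment 0x200.  The section headers still carry the on-disk
    PointerToRawData values (0x400 / 0x600), which is the mismatch that breaks a
    naive dump."""
    image_base, size_of_image = 0x400000, 0x3000
    img = bytearray(size_of_image)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)            # e_lfanew -> PE header
    img[0x40:0x44] = b"PE\0\0"
    # COFF header: Machine i386, 2 sections, SizeOfOptionalHeader 0xE0
    struct.pack_into("<HHIIIHH", img, 0x44, 0x14C, 2, 0, 0, 0, 0xE0, 0x0102)
    opt = 0x58                                         # optional header start
    struct.pack_into("<H", img, opt, 0x10B)            # Magic: PE32
    struct.pack_into("<I", img, opt + 16, 0x1000)      # AddressOfEntryPoint
    struct.pack_into("<I", img, opt + 28, image_base)  # ImageBase
    struct.pack_into("<I", img, opt + 32, 0x1000)      # SectionAlignment
    struct.pack_into("<I", img, opt + 36, 0x200)       # FileAlignment
    struct.pack_into("<I", img, opt + 56, size_of_image)
    struct.pack_into("<I", img, opt + 60, 0x200)       # SizeOfHeaders
    sec = opt + 0xE0                                   # section table start
    for i, (name, rva, vsize) in enumerate([(b".text", 0x1000, 0x20),
                                            (b".data", 0x2000, 0x10)]):
        off = sec + i * 40
        img[off:off + 8] = name.ljust(8, b"\0")
        # VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData (disk values)
        struct.pack_into("<IIII", img, off + 8, vsize, rva, 0x200, 0x400 + i * 0x200)
    img[0x1000:0x1004] = b"\x55\x8b\xec\xc3"           # push ebp; mov ebp,esp; ret
    img[0x2000:0x2006] = b"hello\0"
    return bytes(img), image_base

def parse_pe(img):
    """Parse a PE32 image and return the offsets of the header structures and
    the values a verbose mode would print for manual inspection."""
    if img[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", img, 0x3C)[0]
    if img[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", img, coff)
    opt = coff + 20
    if struct.unpack_from("<H", img, opt)[0] != 0x10B:
        raise ValueError("only PE32 is handled in this example")
    u32 = lambda off: struct.unpack_from("<I", img, off)[0]
    info = {"e_lfanew": e_lfanew, "coff_header_offset": coff,
            "optional_header_offset": opt, "section_table_offset": opt + opt_size,
            "entry_point_rva": u32(opt + 16), "image_base": u32(opt + 28),
            "section_alignment": u32(opt + 32), "file_alignment": u32(opt + 36),
            "size_of_image": u32(opt + 56), "sections": []}
    for i in range(nsec):
        off = info["section_table_offset"] + i * 40
        vsize, rva, rawsize, rawptr = struct.unpack_from("<IIII", img, off + 8)
        info["sections"].append({
            "name": img[off:off + 8].rstrip(b"\0").decode("ascii", "replace"),
            "header_offset": off, "virtual_size": vsize, "virtual_address": rva,
            "size_of_raw_data": rawsize, "pointer_to_raw_data": rawptr})
    return info

def rva_to_file_offset(img, rva):
    """Map an RVA to a file offset through the section table, as a disassembler does."""
    for s in parse_pe(img)["sections"]:
        if s["virtual_address"] <= rva < s["virtual_address"] + s["size_of_raw_data"]:
            return rva - s["virtual_address"] + s["pointer_to_raw_data"]
    raise ValueError("RVA 0x%x is not covered by any section" % rva)

def rebuild_file_from_memory(img):
    """Make a memory-resident image loadable as a file: point each section's
    PointerToRawData at its RVA (where its bytes really are in the dump) and set
    SizeOfRawData to the section's in-memory extent rounded to SectionAlignment."""
    info = parse_pe(img)
    out, align = bytearray(img), info["section_alignment"]
    for s in info["sections"]:
        rounded = (s["virtual_size"] + align - 1) // align * align
        struct.pack_into("<II", out, s["header_offset"] + 16, rounded, s["virtual_address"])
    return bytes(out)

if __name__ == "__main__":
    img, base = build_memory_image()
    info = parse_pe(img)
    for k, v in info.items():
        if k != "sections":
            print("%-24s 0x%x" % (k, v))
    for s in info["sections"]:
        print("%-8s hdr@0x%x rva=0x%x raw@0x%x" % (s["name"], s["header_offset"],
                                                  s["virtual_address"], s["pointer_to_raw_data"]))
    fixed = rebuild_file_from_memory(img)
    ep = rva_to_file_offset(fixed, info["entry_point_rva"])
    print("entry point bytes at file offset 0x%x: %s" % (ep, fixed[ep:ep + 4].hex()))
```

Before the rewrite, following the section table sends a disassembler to file offset 0x400 for the entry point, which holds zeros in the memory dump; after it, the same lookup lands on the code bytes at 0x1000. Real dumps need more than this (the headers themselves may be paged out or deliberately wiped, and imports resolved at load time still need reconstruction), but the section-table fix-up is the part that makes a fully mapped image loadable at all.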