Hi
I just added JSON output for malfind and apihooks. See:
http://code.google.com/p/volatility/issues/detail?id=305
Do you need anything else from me to get it merged upstream? Wishes?
Thorsten Sick
--
Thorsten Sick, Research
Avira Operations GmbH & Co. KG
Kaplaneiweg 1
88069 Tettnang
Germany
Phone: +49 7542-500 0
Fax: +49 7542-500 3000
Internet: http://www.avira.com
Hey everyone,
The 2.1 RC1 downloads are now available [1]. Per the usual, there are zip
and tar archives of the source code, a Windows module installer, and a
standalone Windows executable (with Python and all dependencies
built-in). We ask that you test vigorously over the next 2 weeks,
especially with any x64 images, and let us know via the issue tracker [2]
if you run into any bugs. At the end of July, we'll announce the official
release of 2.1.
Also, a lot of the documentation [3] has been updated, including the FAQ,
command reference, features by plugin matrix, and roadmap, so that may be a
useful resource to you when using 2.1.
Thank you very much!
[1]. http://code.google.com/p/volatility/downloads/list
[2]. http://code.google.com/p/volatility/issues/list
[3]. http://code.google.com/p/volatility/w/list
Hi
I modified threads to also create JSON output (diff and sample attached
to bug).
http://code.google.com/p/volatility/issues/detail?id=289
Everyone who is interested in this kind of feature, please check the
code and give some feedback.
Thanks
Thorsten Sick
Hello
My name is Thorsten Sick, I am a researcher at Avira. Currently I am part
of the ITES project. This project's aim is to develop
detection/protection technology using the benefits of a guest system
running in a virtual machine. In short: sensors in the VM and in the
hypervisor layer.
One of my first steps would be to automate malware analysis and use some
big guns. Volatility would be a big gun. Combined with cuckoobox it
could be very powerful.
But for that volatility needs:
- A log format that could be parsed in a simple way (JSON?) for the plugins
- Maybe some nice API to control it from Cuckoobox
I am ready to implement that. But before doing things only half way I would
love to hear your opinion.
Especially if you have some wishes about what exactly should be in those
logs, please tell me. If you maintain a plugin, please tell me. I am
ready to write the log code, or we try to figure out a format and you can
code it yourself.
What I am doing here should have benefits for the community, if done right.
You can also find me on IRC.
Thanks
Thorsten