I tried to use Volatility with pyFlag which doesn't work due to the
missing Linux analysis part in Volatility. What happened with the
directory forensics/linux in Volatility?
chris
The Volatility Team is pleased to announce the release of Volatility 1.3,
the open source memory forensics framework. The framework was recently
used to help win both the DFRWS 2008 Forensics Challenge and the Forensics
Rodeo, demonstrating its power and effectiveness for augmenting digital
investigations.
The Volatility Framework is a completely open collection of tools,
implemented in Python under the GNU General Public License, for performing
advanced memory forensics. The extraction techniques are performed
completely independent of the system being investigated but still offer
unprecedented visibility into the run time state of the system. The
framework is intended to introduce people to the techniques and
complexities associated with extracting digital artifacts from volatile
memory samples, while providing a powerful platform for further research.
Volatility 1.3 currently supports the investigation of Microsoft Windows
XP Service Pack 2 and Service Pack 3 memory samples. Preliminary support
has also been added for the Linux operating system, making Volatility the
only cross platform memory analysis framework.
Some of the new features in Volatility 1.3 include:
* Over 14 new data view modules!
* New object model allowing easier module development and memory
exploration
* New plugin design allowing organizations to easily create, maintain, and
share modules
* New object oriented scanning infrastructure (Very Fast!)
* Process graphing capabilities
* Ability to extract open registry handles
* Ability to dump a process' addressable memory
* Ability to extract executables from memory samples
* Transparently supports a variety of sample formats (i.e., CrashDump,
Hibernate, DD)
* Automated conversion between sample formats
* New scanning modules (i.e., modules)
* Support for XP SP3
Special thanks to Brendan Dolan-Gavitt, Andreas Schuster, Michael Cohen,
and Matthieu Suiche.
Download the Volatility Framework from:
https://www.volatilityfoundation.org/default/volatility
Thanks,
The Volatility Team