[Vol-users] Volatility 2.3 Released! (Official Mac OS X and Android Support)

https://code.google.com/p/volatility/ The Volatility Foundation is thrilled to announce the official release of Volatility 2.3! While the main goal of this release was Mac OS X (x86, x64) and Android Arm support, we also included a number of other exciting new capabilities! Highlights of this release include: Mac OS X: * New MachO address space for 32-bit and 64-bit Mac memory samples * Over 30+ plugins for Mac memory forensics Linux/Android: * New ARM address space to support memory dumps from Linux and Android devices on ARM hardware * Plugins to scan Linux process and kernel memory with yara signatures, dump LKMs to disk, and check TTY devices for rootkit hooks * Plugins to check the ARM system call and exception vector tables for hooks Windows: * New plugins: - Parse IE history/index.dat URLs - Recover shellbags data - Dump cached files (exe/pdf/doc/etc) - Extract the MBR and MFT records - Explore recently unloaded kernel modules - Dump SSL private and public keys/certs - Display details on process privileges - Detect poison ivy infections - Find and decrypt configurations in memory for poison ivy, zeus v1, zeus v2 and citadelscan 1.3.4.5 * Plugin Enhancements: - Apihooks detects duqu style instruction modifications - Crashinfo displays uptime, systemtime, and dump type - Psxview plugin adds two new sources of process listings from the GUI APIs - Screenshots plugin shows text for window titles - Svcscan automatically queries the cached registry for service dlls - Dlllist shows load count to distinguish between static and dynamic loaded dlls New Address Spaces: * VirtualBox ELF64 core dumps * VMware saved state (vmss) * VMware snapshot (vmsn) files * FDPro's non-standard HPAK format * New plugins: vboxinfo, vmwareinfo, hpakinfo, hpakextract We also wanted to take this opportunity to recognize those on the development team who's continued dedication to open source forensics and the Volatility community has made this release possible: Mike Auty, Andrew Case, Michael Hale Ligh, Jamie Levy, and AAron Walters. These people volunteer their time and skills to bring you the most advanced and innovative memory forensics framework in the world! If you appreciate the hard work they put into Volatility, I encourage you help defend the rights of open source developers and support developer endorsed events! Finally, shoutz to the Volatility Community for their continued support and feedback! In particular, the following members of the Volatility community made significant contributions to this release: - Cem Gurkok for his work on the privileges plugin for Windows - Nir Izraeli for his work on the VMware snapshot address space (see also the vmsnparser project) - @osxmem of the volafox project (Mac OS X & BSD Memory Analysis Toolkit) - @osxreverser of reverse.put.as for his help with OSX memory analysis - Carl Pulley for numerous bug reports, example patches, and plugin testing - Andreas Schuster for his work on poison ivy plugins for Windows - Joe Sylve for his work on the ARM address space and significant contributions to linux and mac capabilities - Philippe Teuwen for his work on the virtual box address space - Santiago Vicente for his work on the citadel plugins for Windows If you want to learn more about Volatility 2.3 or just hang out with the Volatility development team, I encourage you to register for the Open Memory Forensics Workshop 2013. Please register quickly, we will be ending registration by COB Friday, October 25 (Today). There have been a couple last minute cancellations, so you may still have a chance to reserve a seat!