Volatility 2.2 RC1 is available for download!
This release includes over 50 new plugins and the new LiME address space.
About 35 plugins are for support of 32- and 64-bit Linux kernels 2.6.11 -
3.5 on distributions such as Ubuntu, CentOS, Fedora, OpenSuSE, and
Mandriva. About 14 are for analyzing undocumented kernel data structures in
win32k/GUI space on Windows. As an added bonus, there are plugins to parse
event record structures, calculate service SIDs from the registry, and
maybe a few additional surprises before the release.
If you haven't checked recently, we've also redone the wiki entirely for
better organization and documentation. There are two pages specifically
that you should know about for 2.2 - the main release page (with direct
downloads to the code) and the Linux tutorial:
http://code.google.com/p/volatility/wiki/Release22
http://code.google.com/p/volatility/wiki/LinuxMemoryForensics
Please note that the 2.2 command reference will remain unfinished until the
proper 2.2 release.
Enjoy!