Download the Volatility 2. Download the Integrity Hashes. This is the first release since the publication of The Art of Memory Forensics! It adds support for Windows 10 initial, Linux kernels 4. Additionally, the unified output rendering gives users the flexibility of asking for results in various formats (html, sqlite, json, xlsx, dot, text, etc.).
In short, less code leads to more functionality. This is especially useful for framework designers (GUIs, web interfaces, library APIs), because you can interface with a plugin directly and ask for json, which you then store, process, or modify however you want. See below for a more detailed list of the changes in this version.
This release also coincides with the Community repo - a collection of Volatility plugins written and maintained by authors in the forensics community. Many of these are the result of the last 4 years of Volatility plugin contests, but some were just written for fun.
Either way, it's an entire arsenal of plugins that you can easily extend into your existing Volatility installation.
New plugin to print AmCache information from the registry (amcache). New plugin to print the shutdown time from the registry (shutdowntime). New plugin to print editbox controls from the GUI subsystem (editbox). Malfind plugin detects injected code with erased PE headers. Imagecopy and raw2dmp can display the number of bytes copied or converted.
This repository has been archived by the owner. It is now read-only.