Volatility Workbench


  • Volatility Workbench

    Are you going to update Volatility 3 1.0.1 for Volatility Workbench?
    thank you very much for the software

  • #2
    We are already using Volatility 3.1.1.0-beta.1. At least that was what it was called at the time. But their old numbering doesn't seem to make sense in the context of their new numbering from the last few months. I also note that they haven't been able to get it working on Windows as a binary. "Windows binary versions will be added once a solution has been found to all pyinstaller packages being identified as malware".

    But yes, we are a few months behind and it needs to be updated. It is on our to-do list.




    • #3
      Are you going to update Volatility 3 2.0.0 for Volatility Workbench?
      thank you very much for the software

      Volatility 3 2.0.0 Latest
      released this 16 days ago

      Highlights for this release:

      New plugins such as:
      Windows networking plugins
      Windows crashinfo and skeleton_key_check
      Linux kmsg plugin
      New layers: AVML and LeechCore
      QEMU layer performance optimization
      Improved access to Windows library symbols
      Better offline and remote support
      Improved documentation
      Improved working with python requirements
      Drop support for python 3.5



      • #4
        According to their web site V3.1 is current. (which now confusingly seems to be called, Volatility 3 v1.0.0)
        https://www.volatilityfoundation.org/releases-vol3

        But yes, this doesn't match Github, which has Volatility 3 v2.0.0
        https://github.com/volatilityfoundat...lity3/releases

        Still doesn't seem to be any Windows executable binary either.

        We'll have a look at it when we get time.

        Update: Volatility Workbench v3.0.1003 with Windows binary was released based on code from July 18, 2022



        • #5
          hi; David
          Volatility 3 2.4.0 is released, can you update the software? Thank you

          https://github.com/volatilityfoundat...lity3/releases

          For the 2.4.0 release, the major version has jumped a few numbers for compatibility, but this is the next release including the following:
          • New plugins
            • linux.mountinfo
            • linux.psaux
            • windows.devicetree
            • windows.joblinks
            • windows.ldrmodules
            • windows.mbrscan
            • windows.mftscan
            • windows.sessions
          • Introduced the concept of modules and module requirements
          • Unified symbol handling and ISF file caching between OS versions
          • Better QEVM support (fixed the QEMU PCI hole)
          • Exposed an API for automatic PDB symbol table use
          • Improved contributed documentation
          • Various bug fixes and changes across the codebase



          • #6
            We'll include another update in conjunction with the next major release of OSF.



            • #7
              hi; David
              At what stage is the Volatility Workbench update? Are you going to do a new update?
              thank you



              • #8
                Hi David,
                Volatility Workbench is sticking out by providing Windows versions of Volatility3 ever since. Please keep it up! This is great work and really appreciated. One reason I choose OSF commercially.

                I license OSF commercially and would love to get the current release of Volatility 3 2.4.0 with proper dependencies (including python-yara 4.x) compiled into a Windows binary, as usually a memory dump is accompanied by a disk image. The Workbench is fine but sometimes it is more handsome to do stuff directly on the command line. Also for batch processing and so on. Virtualenv is not always the best solution.

                Those added modules in vol 3 2.4.0 are really important
                • windows.devicetree
                • windows.joblinks
                • windows.ldrmodules
                • windows.mbrscan
                • windows.mftscan
                • windows.sessions

                I would love to get my hands on a new Windows binary soon.
                Kind Regards



                • #9
                  Volatility Workbench v3.0.1004 has been released, updated to work with Volatility 3 2.4.0:
                  https://www.osforensics.com/tools/vo...workbench.html

                  Any feedback is welcome.



                  • #10
                    Hi David,

                    Volatility3 2.4.1 new version

                    Those added modules in vol 3 2.4.1 are really important
                    • New plugins:
                      • linux.sockstat
                      • linux.iomem
                      • linux.psscan
                      • linux.envars
                      • windows.drivermodule
                      • windows.vadwalk
                    • Pid filtering for Windows pstree plugin
                    • Minor fixes for Windows callbacks plugin
                    • Minimum Python version was increased to 3.7
                    • Python-snappy dependency was replaced with ctypes to ease installation
                    • Whole codebase was reformatted with black
                    • Faster release cycle (targeting every 4 months)

                    I would love to get my hands on a new Windows binary soon.
                    Kind Regards



                    • #11
                      hi; David
                      Volatility 3 2.5.0 Latest
                      • New plugins:
                        • Linux capabilities plugin
                      • Linux process dumping
                      • Add support for Xen ELF file format
                      • Improved Linux subsystem support
                      • Added tutorials to the documentation
                      • Improved core API

                      I would love to get my hands on a new Windows binary soon.
                      Kind Regards



                      • #12
                        Hi there;

                        5 days ago there was a major enhancement of volatility3 with the version 2.5.2
                        link: https://github.com/volatilityfoundat...ses/tag/v2.5.2

                        Are you going to integrate it with full python-yara support in the standalone Volatility workbench or OSF 11 as a windows binary?

                        Kind Regards



                        • #13
                          V2.5.0 to V2.5.2 doesn't seem like that major of an upgrade?



                          • #14
                            Well, V2.5.2 will obviously be the stable version until the Blackhat conference in August 2024. And since 2.5.0 in late September 2023 (5 months ago) there have been numerous stability enhancements under the hood.

                            But the most important new feature of V2.5.2 is:
                            There are 2 new FileLayers added that make it possible to use the S3 buckets on Amazon natively and also GCS storage in Google's cloud.
                            This adds remote analysis capability, which comes in very handy.

                            Kind Regards



                            • #15
                              Volatility 3 2.7.0
                              • New plugins:
                                • windows.iat
                                • windows.truecrypt
                                • linux.library_list
                                • mac.dmesg
                              • Support for configuration files for common CLI options
                              • windows.driverirp: Report IRP entries that point inside a hidden module
                              • windows.thrdscan: Improvements
                              • linux.kmsg: Supports older kernels
                              • mac.maps: Add process dump support
                              • Support for Python 3.12

                              I would love to get my hands on a new Windows binary soon.
                              Kind Regards
