Volatility Workbench

**Simon (PassMark)** · Jun-06-2024, 02:16 AM

Volatility Workbench v3.0.1007, based on Volatility 3 2.7.0, has been released:
https://www.osforensics.com/tools/vo...workbench.html

Any feedback is welcome.

**dima_0007** · Jun-07-2024, 06:22 AM

thank you so much simon

**privilegedaccountname** · Jun-07-2024, 04:38 PM

I am unable to see all plugins in Volatility Workbench 3, such as the Dump plugins. Are there any specific requirements needed?

**privilegedaccountname** · Jun-10-2024, 11:58 AM

Hi,

I've encountered an issue with Volatility Workbench 3 where not all plugins, such as the Dump plugins, are visible (as mentioned above). Despite trying two different versions, including the latest one, the problem persists. Are there any solutions or specific requirements needed to resolve this issue?

**Simon (PassMark)** · Jun-11-2024, 05:42 AM

There are no additional requirements, some commands were disabled probably due to not working properly within the workbench.
Testing some of the disabled commands seem to work ok. We'll look at re-enabling them in a future release.

As a alternative, you can run all commands through vol.exe until then.

**privilegedaccountname** · Jun-11-2024, 02:33 PM

Great, thank you for the update.

**dima_0007** · Oct-10-2024, 06:23 AM

Volatility 3 2.8.0 Latest

New plugins:
- vmscan
- linux.netfilter
- windows.hollowprocesses
- windows.kpcrs
- windows.pedump
- windows.processghosting
- windows.psxview
- windows.registry.getcellroutine
- windows.shimcachemem
- windows.suspicious_threads
- windows.svcdiff
- windows.svclist
- windows.threads
- windows.timers
- windows.unloadedmodules
Improvements to:
- userassist with timeliner support
- bugfixes and additions to windows.modules and windows.modscan
- windows.callbacks plugin to support more callbacks
- Smear protection on windows
- Clearing the cache
- Intel layer
- Clang no longer using long unsigned int for pointers
- argcomplete support
Volatility 3 now uses features that require a minimum version of python >= 3.7.3.

I would love to get my hands on a new windows binary soon.
Kind Regards

**Simon (PassMark)** · Oct-28-2024, 02:39 AM

Volatility Workbench v3.0.1009, based on Volatility 3 2.8.0, has been released:
https://www.osforensics.com/tools/vo...workbench.html

Any feedback is welcome.

**dima_0007** · Jan-19-2025, 06:52 PM

Volatility 3 2.11.0

New Plugins:
- linux.boottime
- linux.ebpf
- linux.hidden_modules
- linux.kthreads
- linux.pagecache
- linux.pidhashtable
- linux.ptrace
- windows.amcache
- windows.cmdscan
- windows.consoles
- windows.debugregisters
- windows.orphan_kernel_threads
- windows.pe_symbols
- windows.scheduled_tasks
- windows.unhoooked_system_calls
Improvements to:
- Output formatting and filtering in the CLI
- Additional architecture data files for vmscan
Note: Python 3.8 is now the minimum supported version of python

**Simon (PassMark)** · Jan-24-2025, 01:54 AM

Volatility Workbench v3.0.1010, based on Volatility 3 2.11.0, has been released:
https://www.osforensics.com/tools/vo...workbench.html

Any feedback is welcome.

**hbguru** · Mar-30-2025, 02:58 PM

Originally posted by Simon (PassMark)

Volatility Workbench v3.0.1010, based on Volatility 3 2.11.0, has been released:
https://www.osforensics.com/tools/vo...workbench.html

Any feedback is welcome.

I just started using it. So far there's a lot pros. Faster than py version of vol in both running commands and execution time.

I found 1 bug:
If you clear logs and run a new command, the save to file option will still include the items you cleared.

But otherwise i'm loving it.

Did stuck with a linux memory symbols issue but i raised that in another thread. That's probably user error.

And btw thanks a lot for the tool!

**Simon (PassMark)** · Apr-01-2025, 05:23 AM

Originally posted by hbguru

I found 1 bug:
If you clear logs and run a new command, the save to file option will still include the items you cleared.

Thanks for letting us know, this will be fixed in the next release

**hbguru** · Apr-02-2025, 05:01 PM

Originally posted by Simon (PassMark)

Thanks for letting us know, this will be fixed in the next release

I appreciate that.

Here is another one:
loaded a linux vmem. symbols are installed for this.

i obtain the process list which succeeds, but still gives me an error message as it was unsuccessful. i don't get the list of commands as it think it failed.

**Simon (PassMark)** · Apr-10-2025, 01:00 AM

Originally posted by hbguru

Here is another one:
loaded a linux vmem. symbols are installed for this.

i obtain the process list which succeeds, but still gives me an error message as it was unsuccessful. i don't get the list of commands as it think it failed.

We were able to reproduce the error, this has been fixed with the latest release:
https://www.osforensics.com/tools/vo...workbench.html

**dima_0007** · May-16-2025, 08:50 PM

Volatility 3 2.26.0 Latest
This release aims to achieve functional parity with the archived and no-longer-supported Volatility 2. As such, there are a number of changes, only some of which are listed below:

New plugins

linux.graphics.fbdev
linux.ip
linux.kallsyms
linux.module_extract
linux.modxview
linux.pscallstack
linux.tracing.ftrace
linux.tracing.perf_events
linux.tracing.tracepoints
linux.vmaregexscan
linux.vmcoreinfo
mac.regexscan
windows.deskscan
windows.desktops
windows.direct_system_calls
windows.indirect_system_calls
windows.suspended_threads
windows.vadregexscan
windows.windows
windows.windowstations

Framework Changes

Modernize to pyproject.toml python packaging
New testing framework to ensure version/component requirements are fulfilled

Volatility Workbench

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment