Announcement

**Simon (PassMark)** · Jun-04-2025, 04:50 AM

Volatility Workbench v3.0.1012, based on Volatility 3 2.26.0, has been released:
https://www.osforensics.com/tools/vo...workbench.html

Any feedback is welcome.

**Berkev Harunyam** · Oct-04-2025, 05:26 AM

Volatility 3 2.26.2

New plugin:
- windows.etwpatch
volshell now supports breakpoints (also known as watchpoints) that can be applied to a specific layer and offset that will break into python at the point the layer read occurs on that offset.
Various fixes across multiple plugins
Improved documentation in many areas

**Simon (PassMark)** · Oct-08-2025, 01:14 AM

Volatility Workbench v3.0.1014, based on Volatility 3 2.26.2, has been released:
https://www.osforensics.com/tools/vo...workbench.html

Any feedback is welcome.

**Berkev Harunyam** · Feb-03-2026, 12:09 PM

Volatility 3 2.27.0 Latest

New plugin:
- windows.pebmasquerade
Improved linux.malfind and linux.lsof
Slightly improved pdb scanning
Fixed linux mount enumeration
Behind the scenes improvements on the framework
Added arrow/parquet format renderer
Enhanced windows.dlllist plugin
Improved windows.vadyarascan plugin
Windows executable included as part of the release cycle

Known issues

There is a known issue affecting volatility3's ability to handle certain specific Windows 11 images.
A fix should be included in the next release, see #1929 for more.
The arrow/parquet support is NOT included in the windows binary file for this release.
This should be resolved by the next release, see #1936 for more.

Announcement

Volatility Workbench

Comment

Comment

Comment

Comment