Tweet
Volatility Workbench v3.0.1007, based on Volatility 3 2.7.0, has been released:
https://www.osforensics.com/tools/vo...workbench.html
Any feedback is welcome.
https://www.osforensics.com/tools/vo...workbench.html
Any feedback is welcome.
-
-
thank you so much simonComment
-
I am unable to see all plugins in Volatility Workbench 3, such as the Dump plugins. Are there any specific requirements needed?
Comment
-
Hi,
I've encountered an issue with Volatility Workbench 3 where not all plugins, such as the Dump plugins, are visible (as mentioned above). Despite trying two different versions, including the latest one, the problem persists. Are there any solutions or specific requirements needed to resolve this issue?
Comment
-
There are no additional requirements, some commands were disabled probably due to not working properly within the workbench.
Testing some of the disabled commands seem to work ok. We'll look at re-enabling them in a future release.
As a alternative, you can run all commands through vol.exe until then.Comment
-
Great, thank you for the update.Comment
-
Volatility 3 2.8.0 Latest- New plugins:
- vmscan
- linux.netfilter
- windows.hollowprocesses
- windows.kpcrs
- windows.pedump
- windows.processghosting
- windows.psxview
- windows.registry.getcellroutine
- windows.shimcachemem
- windows.suspicious_threads
- windows.svcdiff
- windows.svclist
- windows.threads
- windows.timers
- windows.unloadedmodules
- Improvements to:
- userassist with timeliner support
- bugfixes and additions to windows.modules and windows.modscan
- windows.callbacks plugin to support more callbacks
- Smear protection on windows
- Clearing the cache
- Intel layer
- Clang no longer using long unsigned int for pointers
- argcomplete support
Volatility 3 now uses features that require a minimum version of python >= 3.7.3.
I would love to get my hands on a new windows binary soon.
Kind RegardsComment
- New plugins:
-
Volatility Workbench v3.0.1009, based on Volatility 3 2.8.0, has been released:
https://www.osforensics.com/tools/vo...workbench.html
Any feedback is welcome.Comment
-
Volatility 3 2.11.0- New Plugins:
- linux.boottime
- linux.ebpf
- linux.hidden_modules
- linux.kthreads
- linux.pagecache
- linux.pidhashtable
- linux.ptrace
- windows.amcache
- windows.cmdscan
- windows.consoles
- windows.debugregisters
- windows.orphan_kernel_threads
- windows.pe_symbols
- windows.scheduled_tasks
- windows.unhoooked_system_calls
- Improvements to:
- Output formatting and filtering in the CLI
- Additional architecture data files for vmscan
- Note: Python 3.8 is now the minimum supported version of python
Comment
- New Plugins:
-
Volatility Workbench v3.0.1010, based on Volatility 3 2.11.0, has been released:
https://www.osforensics.com/tools/vo...workbench.html
Any feedback is welcome.Comment
-
I just started using it. So far there's a lot pros. Faster than py version of vol in both running commands and execution time.Originally posted by Simon (PassMark) View Post
I found 1 bug:
If you clear logs and run a new command, the save to file option will still include the items you cleared.
But otherwise i'm loving it.
Did stuck with a linux memory symbols issue but i raised that in another thread. That's probably user error.
And btw thanks a lot for the tool!Comment
-
Thanks for letting us know, this will be fixed in the next releaseOriginally posted by hbguru View PostComment
Comment