Volatility Workbench


  • privilegedaccountname
    replied
    Great, thank you for the update.


  • Simon (PassMark)
    replied
    There are no additional requirements; some commands were disabled, probably due to not working properly within the workbench.
    In testing, some of the disabled commands seem to work OK. We'll look at re-enabling them in a future release.

    As an alternative, you can run all commands through vol.exe until then.


  • privilegedaccountname
    replied
    Hi,

    I've encountered an issue with Volatility Workbench 3 where not all plugins, such as the Dump plugins, are visible (as mentioned above). Despite trying two different versions, including the latest one, the problem persists. Are there any solutions or specific requirements needed to resolve this issue?


  • privilegedaccountname
    replied
    I am unable to see all plugins in Volatility Workbench 3, such as the Dump plugins. Are there any specific requirements needed?


  • dima_0007
    replied
    Thank you so much, Simon.


  • Simon (PassMark)
    replied
    Volatility Workbench v3.0.1007, based on Volatility 3 2.7.0, has been released:
    https://www.osforensics.com/tools/vo...workbench.html

    Any feedback is welcome.


  • dima_0007
    replied
    Volatility 3 2.7.0
    • New plugins:
      • windows.iat
      • windows.truecrypt
      • linux.library_list
      • mac.dmesg
    • Support for configuration files for common CLI options
    • windows.driverirp: Report IRP entries that point inside a hidden module
    • windows.thrdscan: Improvements
    • linux.kmsg: Supports older kernels
    • mac.maps: Add process dump support
    • Support for Python 3.12
    I would love to get my hands on a new Windows binary soon.
    Kind Regards


  • vol3-user
    replied
    Well, V2.5.2 will obviously be the stable version until the Black Hat conference in August 2024. And since 2.5.0 in late September 2023 (5 months ago) there have been numerous stability enhancements under the hood.

    But the most important new feature of V2.5.2 is:
    There are 2 new FileLayers added that make it possible to use S3 buckets on Amazon natively and also GCS storage in Google's cloud.
    This adds remote analysis capability, which comes in very handy.

    Kind Regards


  • David (PassMark)
    replied
    V2.5.0 to V2.5.2 doesn't seem like that major of an upgrade?


  • vol3-user
    replied
    Hi there,

    5 days ago there was a major enhancement of volatility3 with version 2.5.2.
    Link: https://github.com/volatilityfoundat...ses/tag/v2.5.2

    Are you going to integrate it with full python-yara support in the standalone Volatility Workbench or OSF 11 as a Windows binary?

    Kind Regards


  • dima_0007
    replied
    Hi David,
    Volatility 3 2.5.0 Latest
    • New plugins:
      • Linux capabilities plugin
    • Linux process dumping
    • Add support for Xen ELF file format
    • Improved Linux subsystem support
    • Added tutorials to the documentation
    • Improved core API
    I would love to get my hands on a new Windows binary soon.
    Kind Regards


  • dima_0007
    replied
    Hi David,

    Volatility3 2.4.1 new version

    Those added modules in vol 3 2.4.1 are really important
    • New plugins:
      • linux.sockstat
      • linux.iomem
      • linux.psscan
      • linux.envars
      • windows.drivermodule
      • windows.vadwalk
    • Pid filtering for Windows pstree plugin
    • Minor fixes for Windows callbacks plugin
    • Minimum Python version was increased to 3.7
    • Python-snappy dependency was replaced with ctypes to ease installation
    • Whole codebase was reformatted with black
    • Faster release cycle (targeting every 4 months)

    I would love to get my hands on a new Windows binary soon.
    Kind Regards


  • Simon (PassMark)
    replied
    Volatility Workbench v3.0.1004 has been released, updated to work with Volatility 3 2.4.0:
    https://www.osforensics.com/tools/vo...workbench.html

    Any feedback is welcome.


  • vol3-user
    replied
    Hi David,
    Volatility Workbench stands out by providing Windows versions of Volatility3 ever since. Please keep it up! This is great work and really appreciated. One reason I choose OSF commercially.

    I license OSF commercially and would love to get the current release of Volatility 3 2.4.0 with proper dependencies (including python-yara 4.x) compiled into a Windows binary, as usually a memory dump is accompanied by a disk image. The Workbench is fine, but sometimes it is more handy to do stuff directly on the command line. Also for batch processing and so on. Virtualenv is not always the best solution.

    Those added modules in vol 3 2.4.0 are really important
    • windows.devicetree
    • windows.joblinks
    • windows.ldrmodules
    • windows.mbrscan
    • windows.mftscan
    • windows.sessions
    I would love to get my hands on a new Windows binary soon.
    Kind Regards


  • dursun_0007
    replied
    Hi David,
    At what stage is the Volatility Workbench update? Are you going to do a new update?
    Thank you.
