Volatility Workbench v3.0.1012, based on Volatility 3 2.26.0, has been released:
https://www.osforensics.com/tools/vo...workbench.html
Any feedback is welcome.
-
Volatility 3 2.26.0 Latest
This release aims to achieve functional parity with the archived and no-longer-supported Volatility 2. As such, there are a number of changes, only some of which are listed below:
New plugins- linux.graphics.fbdev
- linux.ip
- linux.kallsyms
- linux.module_extract
- linux.modxview
- linux.pscallstack
- linux.tracing.ftrace
- linux.tracing.perf_events
- linux.tracing.tracepoints
- linux.vmaregexscan
- linux.vmcoreinfo
- mac.regexscan
- windows.deskscan
- windows.desktops
- windows.direct_system_calls
- windows.indirect_system_calls
- windows.suspended_threads
- windows.vadregexscan
- windows.windows
- windows.windowstations
Framework Changes- Modernize to pyproject.toml python packaging
- New testing framework to ensure version/component requirements are fulfilled
Leave a comment:
-
We were able to reproduce the error, this has been fixed with the latest release:Originally posted by hbguru View Post
https://www.osforensics.com/tools/vo...workbench.htmlLeave a comment:
-
I appreciate that.Originally posted by Simon (PassMark) View Post
Here is another one:
loaded a linux vmem. symbols are installed for this.
i obtain the process list which succeeds, but still gives me an error message as it was unsuccessful. i don't get the list of commands as it think it failed.
Leave a comment:
-
Thanks for letting us know, this will be fixed in the next releaseOriginally posted by hbguru View PostLeave a comment:
-
I just started using it. So far there's a lot pros. Faster than py version of vol in both running commands and execution time.Originally posted by Simon (PassMark) View Post
I found 1 bug:
If you clear logs and run a new command, the save to file option will still include the items you cleared.
But otherwise i'm loving it.
Did stuck with a linux memory symbols issue but i raised that in another thread. That's probably user error.
And btw thanks a lot for the tool!Leave a comment:
-
Volatility Workbench v3.0.1010, based on Volatility 3 2.11.0, has been released:
https://www.osforensics.com/tools/vo...workbench.html
Any feedback is welcome.Leave a comment:
-
Volatility 3 2.11.0- New Plugins:
- linux.boottime
- linux.ebpf
- linux.hidden_modules
- linux.kthreads
- linux.pagecache
- linux.pidhashtable
- linux.ptrace
- windows.amcache
- windows.cmdscan
- windows.consoles
- windows.debugregisters
- windows.orphan_kernel_threads
- windows.pe_symbols
- windows.scheduled_tasks
- windows.unhoooked_system_calls
- Improvements to:
- Output formatting and filtering in the CLI
- Additional architecture data files for vmscan
- Note: Python 3.8 is now the minimum supported version of python
Leave a comment:
- New Plugins:
-
Volatility Workbench v3.0.1009, based on Volatility 3 2.8.0, has been released:
https://www.osforensics.com/tools/vo...workbench.html
Any feedback is welcome.Leave a comment:
-
Volatility 3 2.8.0 Latest- New plugins:
- vmscan
- linux.netfilter
- windows.hollowprocesses
- windows.kpcrs
- windows.pedump
- windows.processghosting
- windows.psxview
- windows.registry.getcellroutine
- windows.shimcachemem
- windows.suspicious_threads
- windows.svcdiff
- windows.svclist
- windows.threads
- windows.timers
- windows.unloadedmodules
- Improvements to:
- userassist with timeliner support
- bugfixes and additions to windows.modules and windows.modscan
- windows.callbacks plugin to support more callbacks
- Smear protection on windows
- Clearing the cache
- Intel layer
- Clang no longer using long unsigned int for pointers
- argcomplete support
Volatility 3 now uses features that require a minimum version of python >= 3.7.3.
I would love to get my hands on a new windows binary soon.
Kind RegardsLeave a comment:
- New plugins:
-
There are no additional requirements, some commands were disabled probably due to not working properly within the workbench.
Testing some of the disabled commands seem to work ok. We'll look at re-enabling them in a future release.
As a alternative, you can run all commands through vol.exe until then.Leave a comment:
-
Hi,
I've encountered an issue with Volatility Workbench 3 where not all plugins, such as the Dump plugins, are visible (as mentioned above). Despite trying two different versions, including the latest one, the problem persists. Are there any solutions or specific requirements needed to resolve this issue?
Leave a comment:
-
I am unable to see all plugins in Volatility Workbench 3, such as the Dump plugins. Are there any specific requirements needed?
Leave a comment:
Leave a comment: