Volatility Workbench v3.0.1012, based on Volatility 3 2.26.0, has been released:
https://www.osforensics.com/tools/vo...workbench.html
Any feedback is welcome.
-
Volatility 3 2.26.0 Latest
This release aims to achieve functional parity with the archived and no-longer-supported Volatility 2. As such, there are a number of changes, only some of which are listed below:
New plugins
- linux.graphics.fbdev
- linux.ip
- linux.kallsyms
- linux.module_extract
- linux.modxview
- linux.pscallstack
- linux.tracing.ftrace
- linux.tracing.perf_events
- linux.tracing.tracepoints
- linux.vmaregexscan
- linux.vmcoreinfo
- mac.regexscan
- windows.deskscan
- windows.desktops
- windows.direct_system_calls
- windows.indirect_system_calls
- windows.suspended_threads
- windows.vadregexscan
- windows.windows
- windows.windowstations
Framework Changes
- Modernize to pyproject.toml python packaging
- New testing framework to ensure version/component requirements are fulfilled
-
Originally posted by hbguru
Here is another one:
Loaded a Linux vmem. Symbols are installed for this.
I obtain the process list, which succeeds, but it still gives me an error message as if it was unsuccessful. I don't get the list of commands as it thinks it failed.
https://www.osforensics.com/tools/vo...workbench.html
-
Originally posted by Simon (PassMark)
Thanks for letting us know, this will be fixed in the next release
Here is another one:
Loaded a Linux vmem. Symbols are installed for this.
I obtain the process list, which succeeds, but it still gives me an error message as if it was unsuccessful. I don't get the list of commands as it thinks it failed.
-
Originally posted by hbguru
I found 1 bug:
If you clear logs and run a new command, the save to file option will still include the items you cleared.
-
Originally posted by Simon (PassMark)
Volatility Workbench v3.0.1010, based on Volatility 3 2.11.0, has been released:
https://www.osforensics.com/tools/vo...workbench.html
Any feedback is welcome.
I found 1 bug:
If you clear logs and run a new command, the save to file option will still include the items you cleared.
But otherwise I'm loving it.
Did get stuck with a Linux memory symbols issue, but I raised that in another thread. That's probably user error.
And btw thanks a lot for the tool!
-
Volatility Workbench v3.0.1010, based on Volatility 3 2.11.0, has been released:
https://www.osforensics.com/tools/vo...workbench.html
Any feedback is welcome.
-
Volatility 3 2.11.0
- New Plugins:
  - linux.boottime
  - linux.ebpf
  - linux.hidden_modules
  - linux.kthreads
  - linux.pagecache
  - linux.pidhashtable
  - linux.ptrace
  - windows.amcache
  - windows.cmdscan
  - windows.consoles
  - windows.debugregisters
  - windows.orphan_kernel_threads
  - windows.pe_symbols
  - windows.scheduled_tasks
  - windows.unhooked_system_calls
- Improvements to:
  - Output formatting and filtering in the CLI
  - Additional architecture data files for vmscan
- Note: Python 3.8 is now the minimum supported version of python
-
Volatility Workbench v3.0.1009, based on Volatility 3 2.8.0, has been released:
https://www.osforensics.com/tools/vo...workbench.html
Any feedback is welcome.
-
Volatility 3 2.8.0 Latest
- New plugins:
  - vmscan
  - linux.netfilter
  - windows.hollowprocesses
  - windows.kpcrs
  - windows.pedump
  - windows.processghosting
  - windows.psxview
  - windows.registry.getcellroutine
  - windows.shimcachemem
  - windows.suspicious_threads
  - windows.svcdiff
  - windows.svclist
  - windows.threads
  - windows.timers
  - windows.unloadedmodules
- Improvements to:
  - userassist with timeliner support
  - bugfixes and additions to windows.modules and windows.modscan
  - windows.callbacks plugin to support more callbacks
  - Smear protection on windows
  - Clearing the cache
  - Intel layer
  - Clang no longer using long unsigned int for pointers
  - argcomplete support
Volatility 3 now uses features that require a minimum version of python >= 3.7.3.
I would love to get my hands on a new windows binary soon.
Kind Regards
-
There are no additional requirements; some commands were disabled, probably due to not working properly within the workbench.
In testing, some of the disabled commands seem to work OK. We'll look at re-enabling them in a future release.
As an alternative, you can run all commands through vol.exe until then.
-
Hi,
I've encountered an issue with Volatility Workbench 3 where not all plugins, such as the Dump plugins, are visible (as mentioned above). Despite trying two different versions, including the latest one, the problem persists. Are there any solutions or specific requirements needed to resolve this issue?
-
I am unable to see all plugins in Volatility Workbench 3, such as the Dump plugins. Are there any specific requirements needed?