Volatility Workbench v3.0.1004 has been released, updated to work with Volatility 3 2.4.0:
https://www.osforensics.com/tools/vo...workbench.html
Any feedback is welcome.
Volatility Workbench
-
Hi David,
Volatility Workbench is sticking out by providing Windows versions of Volatility3 ever since. Please keep it up! This is great work and really appreciated. One reason I choose OSF commercially.
I license OSF commercially and would love to get the current release of Volatility 3 2.4.0 with proper dependencies (including python-yara 4.x) compiled into a Windows binary, as usually a memory dump is accompanied by a disk image. The Workbench is fine but sometimes it is more handy to do stuff directly on the command line. Also for batch processing and so on. Virtualenv is not always the best solution.
Those added modules in vol 3 2.4.0 are really important:
- windows.devicetree
- windows.joblinks
- windows.ldrmodules
- windows.mbrscan
- windows.mftscan
- windows.sessions
Kind Regards
-
Hi David,
At what stage is the Volatility Workbench update? Are you going to do a new update?
Thank you
-
We'll include another update in conjunction with the next major release of OSF.
-
Hi David,
Volatility 3 2.4.0 is released, can you update the software? Thank you
https://github.com/volatilityfoundat...lity3/releases
For the 2.4.0 release, the major version has jumped a few numbers for compatibility, but this is the next release including the following:
- New plugins
  - linux.mountinfo
  - linux.psaux
  - windows.devicetree
  - windows.joblinks
  - windows.ldrmodules
  - windows.mbrscan
  - windows.mftscan
  - windows.sessions
- Introduced the concept of modules and module requirements
- Unified symbol handling and ISF file caching between OS versions
- Better QEVM support (fixed the QEMU PCI hole)
- Exposed an API for automatic PDB symbol table use
- Improved contributed documentation
- Various bug fixes and changes across the codebase
-
According to their web site, V3.1 is current (which now confusingly seems to be called Volatility 3 v1.0.0).
https://www.volatilityfoundation.org/releases-vol3
But yes, this doesn't match GitHub, which has Volatility 3 v2.0.0
https://github.com/volatilityfoundat...lity3/releases
Still doesn't seem to be any Windows executable binary either.
We'll have a look at it when we get time.
Update: Volatility Workbench v3.0.1003 with Windows binary was released based on code from July 18, 2022
-
Are you going to update Volatility 3 2.0.0 for Volatility Workbench?
Thank you very much for the software
Volatility 3 2.0.0 Latest
released this 16 days ago
Highlights for this release:
- New plugins such as:
  - Windows networking plugins
  - Windows crashinfo and skeleton_key_check
  - Linux kmsg plugin
- New layers: AVML and LeechCore
- QEMU layer performance optimization
- Improved access to Windows library symbols
- Better offline and remote support
- Improved documentation
- Improved working with python requirements
- Drop support for python 3.5
-
We are already using Volatility 3.1.1.0-beta.1. At least that was what it was called at the time. But their old numbering doesn't seem to make sense in the context of their new numbering from the last few months. I also note that they haven't been able to get it working on Windows as a binary. "Windows binary versions will be added once a solution has been found to all pyinstaller packages being identified as malware".
But yes, we are a few months behind and it needs to be updated. It is on our to-do list.
-
Volatility Workbench
Are you going to update Volatility 3 1.0.1 for Volatility Workbench?
Thank you very much for the software