Volatility Workbench v3.0.1015, based on Volatility 3 2.27.0, has been released:
https://www.osforensics.com/tools/vo...workbench.html
Any feedback is welcome.
Volatility Workbench
Volatility 3 2.27.0 Latest
- New plugin:
  - windows.pebmasquerade
- Improved linux.malfind and linux.lsof
- Slightly improved pdb scanning
- Fixed linux mount enumeration
- Behind the scenes improvements on the framework
- Added arrow/parquet format renderer
- Enhanced windows.dlllist plugin
- Improved windows.vadyarascan plugin
- Windows executable included as part of the release cycle
Known issues
- There is a known issue affecting volatility3's ability to handle certain specific Windows 11 images. A fix should be included in the next release, see #1929 for more.
- The arrow/parquet support is NOT included in the windows binary file for this release. This should be resolved by the next release, see #1936 for more.
Volatility Workbench v3.0.1014, based on Volatility 3 2.26.2, has been released:
https://www.osforensics.com/tools/vo...workbench.html
Any feedback is welcome.
Volatility 3 2.26.2
- New plugin:
  - windows.etwpatch
- volshell now supports breakpoints (also known as watchpoints) that can be applied to a specific layer and offset that will break into python at the point the layer read occurs on that offset.
- Various fixes across multiple plugins
- Improved documentation in many areas
Volatility Workbench v3.0.1012, based on Volatility 3 2.26.0, has been released:
https://www.osforensics.com/tools/vo...workbench.html
Any feedback is welcome.
Volatility 3 2.26.0 Latest
This release aims to achieve functional parity with the archived and no-longer-supported Volatility 2. As such, there are a number of changes, only some of which are listed below:
New plugins
- linux.graphics.fbdev
- linux.ip
- linux.kallsyms
- linux.module_extract
- linux.modxview
- linux.pscallstack
- linux.tracing.ftrace
- linux.tracing.perf_events
- linux.tracing.tracepoints
- linux.vmaregexscan
- linux.vmcoreinfo
- mac.regexscan
- windows.deskscan
- windows.desktops
- windows.direct_system_calls
- windows.indirect_system_calls
- windows.suspended_threads
- windows.vadregexscan
- windows.windows
- windows.windowstations
Framework Changes
- Modernize to pyproject.toml python packaging
- New testing framework to ensure version/component requirements are fulfilled
We were able to reproduce the error; this has been fixed with the latest release:
https://www.osforensics.com/tools/vo...workbench.html
I appreciate that.
Here is another one:
Loaded a Linux vmem. Symbols are installed for this.
I obtain the process list, which succeeds, but still gives me an error message as it was unsuccessful. I don't get the list of commands as it thinks it failed.
I just started using it. So far there's a lot of pros. Faster than py version of vol in both running commands and execution time.
Volatility Workbench v3.0.1010, based on Volatility 3 2.11.0, has been released:
https://www.osforensics.com/tools/vo...workbench.html
Any feedback is welcome.
I found 1 bug:
If you clear logs and run a new command, the save to file option will still include the items you cleared.
But otherwise I'm loving it.
Did get stuck with a Linux memory symbols issue, but I raised that in another thread. That's probably user error.
And btw thanks a lot for the tool!
Volatility Workbench v3.0.1010, based on Volatility 3 2.11.0, has been released:
https://www.osforensics.com/tools/vo...workbench.html
Any feedback is welcome.
Volatility 3 2.11.0
- New Plugins:
  - linux.boottime
  - linux.ebpf
  - linux.hidden_modules
  - linux.kthreads
  - linux.pagecache
  - linux.pidhashtable
  - linux.ptrace
  - windows.amcache
  - windows.cmdscan
  - windows.consoles
  - windows.debugregisters
  - windows.orphan_kernel_threads
  - windows.pe_symbols
  - windows.scheduled_tasks
  - windows.unhooked_system_calls
- Improvements to:
  - Output formatting and filtering in the CLI
  - Additional architecture data files for vmscan
- Note: Python 3.8 is now the minimum supported version of python
Volatility Workbench v3.0.1009, based on Volatility 3 2.8.0, has been released:
https://www.osforensics.com/tools/vo...workbench.html
Any feedback is welcome.
Volatility 3 2.8.0 Latest
- New plugins:
  - vmscan
  - linux.netfilter
  - windows.hollowprocesses
  - windows.kpcrs
  - windows.pedump
  - windows.processghosting
  - windows.psxview
  - windows.registry.getcellroutine
  - windows.shimcachemem
  - windows.suspicious_threads
  - windows.svcdiff
  - windows.svclist
  - windows.threads
  - windows.timers
  - windows.unloadedmodules
- Improvements to:
  - userassist with timeliner support
  - bugfixes and additions to windows.modules and windows.modscan
  - windows.callbacks plugin to support more callbacks
  - Smear protection on windows
  - Clearing the cache
  - Intel layer
  - Clang no longer using long unsigned int for pointers
  - argcomplete support
Volatility 3 now uses features that require a minimum version of python >= 3.7.3.
I would love to get my hands on a new windows binary soon.
Kind Regards