Volatility 2.5 (Unified Output / Community)

This is the first release since the publication of The Art of Memory Forensics! It adds support for Windows 10 (initial), Linux kernels 4.2.3+, and Mac OS X Yosemite and El Capitan. Additionally, the unified output rendering gives users the flexibility of asking for results in various formats (html, sqlite, json, xlsx, dot, text, etc.) while simplifying things for plugin developers. In short, less code leads to more functionality. This is especially useful for framework designers (GUIs, web interfaces, library APIs), because you can interface with a plugin directly and ask for json, which you then store, process, or modify however you want.

This release also coincides with the Community repo - a collection of Volatility plugins written and maintained by authors in the forensics community. Many of these are the result of the last 3 years of Volatility plugin contests, but some were just written for fun. Either way, it's an entire arsenal of plugins that you can easily extend into your existing Volatility installation.

Download the Volatility 2.5 Windows Standalone Executable
Download the Volatility 2.5 Mac OS X Standalone Executables
Download the Volatility 2.5 Linux Standalone Executables
Download the Volatility 2.5 Source Code (.zip)

Volatility 2.4 (Art of Memory Forensics)

The release of this version coincides with the publication of The Art of Memory Forensics. It adds support for Windows 8, 8.1, 2012, and 2012 R2 memory dumps and Mac OS X Mavericks (up to 10.9.4). New plugins include the ability to extract cached Truecrypt passphrases and master keys from Windows and Linux memory dumps, investigate Mac user activity (such as pulling their contact database, calendar items, PGP encrypted mails, OTR Adium chat messages, etc.), and analyze advanced Linux rootkits.
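As an added example (not code from the Volatility project), this is one way a tool could consume the JSON that the unified output in 2.5 makes available, for instance from `pslist` run with `--output=json`: it loads the rows, stores them in SQLite, and lists processes whose parent is missing from the listing. The `{"columns", "rows"}` layout, the column names and every sample value are assumptions constructed for illustration.

```python
import json
import sqlite3

# Constructed sample; the {"columns": [...], "rows": [[...]]} layout and the
# pslist column names are assumptions about the JSON renderer's output.
SAMPLE = json.dumps({
    "columns": ["Offset(V)", "Name", "PID", "PPID", "Thds", "Hnds",
                "Sess", "Wow64", "Start", "Exit"],
    "rows": [
        [2216689664, "System", 4, 0, 95, 411, -1, 0, "2015-10-01 12:00:01", ""],
        [2231234560, "smss.exe", 272, 4, 2, 29, -1, 0, "2015-10-01 12:00:01", ""],
        [2245681152, "explorer.exe", 1840, 1792, 31, 812, 1, 0, "2015-10-01 12:03:44", ""],
        [2250141696, "svchost.exe", 3020, 1840, 6, 97, 1, 0, "2015-10-01 14:22:10", ""],
    ],
})

def load_rows(text):
    """Turn renderer output into a list of dicts keyed by column name."""
    doc = json.loads(text)
    cols = doc["columns"]
    for raw in doc["rows"]:
        if len(raw) != len(cols):  # truncated or mixed output file
            raise ValueError("row has %d fields, expected %d" % (len(raw), len(cols)))
    return [dict(zip(cols, raw)) for raw in doc["rows"]]

def store(rows, conn):
    """Persist the fields needed for process-tree triage."""
    conn.execute("CREATE TABLE pslist (pid INTEGER, ppid INTEGER, name TEXT, start TEXT)")
    conn.executemany("INSERT INTO pslist VALUES (?, ?, ?, ?)",
                     [(r["PID"], r["PPID"], r["Name"], r["Start"]) for r in rows])
    conn.commit()

def missing_parents(conn):
    """Processes whose parent PID is absent from the listing: a triage lead,
    not a verdict, since parents such as userinit.exe exit normally."""
    return conn.execute(
        "SELECT c.pid, c.name, c.ppid FROM pslist c "
        "LEFT JOIN pslist p ON p.pid = c.ppid "
        "WHERE p.pid IS NULL AND c.ppid != 0 ORDER BY c.pid").fetchall()

def demo():
    conn = sqlite3.connect(":memory:")
    store(load_rows(SAMPLE), conn)
    return missing_parents(conn)

if __name__ == "__main__":
    for pid, name, ppid in demo():
        print("PID %d (%s): parent %d not in pslist" % (pid, name, ppid))
```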