The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independent of the system being investigated but offer unprecedented visibilty into the runtime state of the system. The framework is intended to introduce people to the techniques and complexities associated with extracting digital artifacts from volatile memory samples and provide a platform for further work into this exciting area of research.

What's new in 2.0

• Restructured and depolluted namespace
• Usage and Development Documentation
• New Configuration Subsystem
• New Caching Subsystem
• New Pluggable address spaces with automated election
• New Address Spaces (i.e. EWF, Firewire)
• Updated Object Model and Profile Subsystems (VolatilityMagic)
• Support for Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7
• Updated Scanning Framework
• Volshell integration
• Over 40 new plugins!

Subscribe Top Hacker Stories via email