Volatility Framework 2.1 RC1 Released - Hacking Tools Download Download Hacking Tools at 'Tools Yard': Volatility Framework 2.1 RC1 Released

Volatility Framework 2.1 RC1 Released

Labels:
, ,

The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independent of the system being investigated but offer unprecedented visibilty into the runtime state of the system. The framework is intended to introduce people to the techniques and complexities associated with extracting digital artifacts from volatile memory samples and provide a platform for further work into this exciting area of research.
Volatility Framework

Changes in new version:
  • Catch InvalidOffsetErrors gracefully. Fixes issue 280.
  • Pylint the pyinstaller spec file.
  • Move to the development version of pyinstaller (> 1.5.1)
  • Remove unnecessary imports now we’re using the dev pyinstaller.
  • Apply (maybe temporary) fixes to two UnicodeEncodeError exceptions in vadinfo and hivelist. fixes issue #295.
  • Remove link to testsuite plugin, it doesn’t seem to be in the codebase any more
  • Make better use of Plugin.is_valid_profile for blacklisting commands on unsupported profiles.
  • Fix some typos in the connections.Connections class pydoc
  • Convert connscan output to table_header/table_row. this should be done prior to 2.1 since table renders are a major new feature in 2.1
  • Updated kdbgscan.
  • Added tests for kdbgscan.
  • Updated the scanning framework to not use the buffer address space.
  • Added a caching address space for slow io systems such as windows. Various bug fixes and updates.
  • Added a new plugin to concisely print the vad information (like windbg’s !vad).
  • Convert dlldump, procexedump, and moddump to table_header/row output. Increases code sharing between the plugins. Adds more descriptive error messages when PE files cannot be dumped.
  • Added 64 bit support to vtop/ptov/pfn plugins.
  • Converted ldrmodules plugin. Added a 32bit pae implementation for vtop and pfn modules.
  • Adding a new dtbscan module which detects hidden processes using their dtb.
  • Added a RegDump module to dump registry hives for further processing by other tools (e.g. RegRipper). Update vad modules to use renderer.format().
  • Initial support for windows 8 – currently only pslist works :-). See Issue 142.
  • Prevent impscan from raising an IndexError when no imports are found. Fixes issue #300
  • Fix a minor error in netscan, and pylint the rest of the recently changed code.
  • Add in distorm3 support and unbuffered output for pyinstaller. Also minor pylint for setup.py.
  • Fix the pyinstaller distorm3 hook documentation to be pyinstaller specific.


Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .
Subscribe Top Hacker Stories via email

Posted by Mohit Kumar at Friday, July 20, 2012  

The Hacker News - Daily Updates