Update volatility v2.1 – An advanced memory forensics framework

The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independently of the system being investigated but offer visibility into the runtime state of the system. The framework is intended to introduce people to the techniques and complexities associated with extracting digital artifacts from volatile memory samples and to provide a platform for further work in this exciting area of research.

What's new in 2.0

Highlights of this release include:

* Restructured and depolluted namespace
* Usage and development documentation
* New configuration subsystem
* New caching subsystem
* New pluggable address spaces with automated election
* New address spaces (i.e. EWF, Firewire)
* Updated object model and profile subsystems (VolatilityMagic)
* Support for Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7
* Updated scanning framework
* Volshell integration
* Over 40 new plugins!

Volatility supports investigations of the following 32-bit x86 memory images:

* Microsoft Windows XP Service Pack 2 and 3
* Microsoft Windows 2003 Server Service Pack 0, 1 and 2
* Microsoft Vista Service Pack 0, 1 and 2
* Microsoft 2008 Server Service Pack 1 and 2 (there is no SP 0)
* Microsoft Windows 7 Service Pack 0 and 1

Volatility currently provides the following extraction capabilities for memory samples:

– Image date and time
– Running processes
– Open network sockets
– Open network connections
– DLLs loaded for each process
– Open files for each process
– Open registry keys for each process
– OS kernel modules
– Mapping physical offsets to virtual addresses
– Virtual Address Descriptor information
– Addressable memory for each process
– Memory maps for each process
– Extract executable samples
– Scanning examples: processes, threads, sockets, connections, modules
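The scanning capability listed above (finding processes, threads, sockets and so on without trusting the operating system's own lists) works by carving kernel pool allocations by their pool tag. The following is an added illustration of that technique written for this post; it is not Volatility's code. It uses the documented 32-bit x86 _POOL_HEADER bit layout and the "Proc" tag of process-object allocations, but the body layout behind the header (a 16-byte name at offset 0x20), the minimum block size and the memory sample itself are constructed for the example and do not match a real _EPROCESS.

```python
import struct

POOL_HEADER_SIZE = 8        # x86 _POOL_HEADER is 8 bytes (bit layout in parse_pool_header)
PROCESS_TAG = b"Proc"       # pool tag of process-object allocations
MIN_PROCESS_BLOCK = 0x260   # assumed lower bound for a process allocation, in bytes
NAME_OFFSET = 0x20          # constructed: where the toy body keeps its 16-byte name

def parse_pool_header(buf, off):
    """Decode the x86 _POOL_HEADER at buf[off:off+8].

    First 32-bit word (sizes are in 8-byte units):
      PreviousSize bits 0-8, PoolIndex bits 9-15, BlockSize bits 16-24, PoolType bits 25-31
    followed by the 4-byte PoolTag.
    """
    word, tag = struct.unpack_from("<I4s", buf, off)
    return {
        "offset": off,
        "previous_size": (word & 0x1FF) * 8,
        "pool_index": (word >> 9) & 0x7F,
        "block_size": ((word >> 16) & 0x1FF) * 8,
        "pool_type": (word >> 25) & 0x7F,
        "tag": tag,
    }

def tag_matches(tag):
    # Accept "Proc" and the protected-allocation form "Pro\xe3" (high bit of the last byte set)
    return tag[:3] == PROCESS_TAG[:3] and (tag[3] & 0x7F) == PROCESS_TAG[3]

def scan_process_pool(buf):
    """Carve candidate process allocations by pool tag, ignoring any OS list linkage."""
    hits = []
    for off in range(0, len(buf) - POOL_HEADER_SIZE + 1, 8):   # allocations are 8-byte aligned
        if not tag_matches(buf[off + 4:off + 8]):
            continue
        hdr = parse_pool_header(buf, off)
        if hdr["block_size"] < MIN_PROCESS_BLOCK:     # too small to hold the object: false positive
            continue
        if off + hdr["block_size"] > len(buf):       # allocation would run past the sample
            continue
        body = buf[off + POOL_HEADER_SIZE:off + hdr["block_size"]]
        hdr["freed"] = hdr["pool_type"] == 0          # PoolType 0 marks a free block (terminated process)
        hdr["name"] = body[NAME_OFFSET:NAME_OFFSET + 16].split(b"\x00", 1)[0].decode("ascii", "replace")
        hits.append(hdr)
    return hits

def make_allocation(tag, block_units, pool_type, name):
    """Constructed test data: one pool block with a toy body (not a real _EPROCESS layout)."""
    word = ((block_units & 0x1FF) << 16) | ((pool_type & 0x7F) << 25)   # PreviousSize/PoolIndex left 0
    body = bytearray(block_units * 8 - POOL_HEADER_SIZE)
    body[NAME_OFFSET:NAME_OFFSET + len(name)] = name
    return struct.pack("<I4s", word, tag) + bytes(body)

def build_sample():
    """Constructed memory sample: two in-use processes, one freed one, a decoy tag
    in a block too small to be a process, and untagged filler. PoolType 1 is an
    arbitrary non-zero (in-use) value chosen for the example."""
    return (
        bytes(0x40)
        + make_allocation(b"Proc", 0x50, 1, b"svchost.exe")       # in use, 0x280 bytes, at 0x40
        + bytes(0x18)
        + make_allocation(b"Pro\xe3", 0x50, 1, b"winlogon.exe")   # protected tag form, at 0x2D8
        + make_allocation(b"Proc", 0x50, 0, b"cmd.exe")           # PoolType 0: freed block, at 0x558
        + make_allocation(b"Proc", 0x04, 1, b"")                  # decoy: 0x20-byte block, skipped
        + bytes(0x30)
    )

if __name__ == "__main__":
    for h in scan_process_pool(build_sample()):
        state = "freed" if h["freed"] else "in use"
        print("0x%06x %-14s %5d bytes  %s" % (h["offset"], h["name"], h["block_size"], state))
```

Two points the output makes concrete: the freed block for cmd.exe is still carved, which is why tag scanning recovers terminated processes and ones unlinked from the active process list, and the decoy is rejected only because of the size sanity check, so every hit from a scanner like this still needs further validation of the object's own fields before it is reported.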

Our previous post: https://seclist.wordpress.com/2011/12/06/volatility-v2-0-an-advanced-memory-forensics-framework-release/
