
List:       vol-dev
Subject:    [Vol-dev] Volatility-1.2.1pre
From:       awalters () 4tphi ! net (AAron Walters)
Date:       2008-06-21 12:59:06
Message-ID: Pine.LNX.4.64.0709260003550.6563 () mail ! 4tphi ! net


We are getting ready to release Volatility-1.2.  If you have some changes you 
would like to see in this release, please let me know by the end of the week. 
If you are interested in testing the release candidate, send me an email.  I've 
included the CHANGELOG for this release:

CHANGELOG

09.21.2007    Volatility-1.2.1pre  awalters

     * New Module: usrdmp
        Files:
          vmodules.py
        Description:
          Dumps a process's address space. Thanks Eoghan Casey.

09.20.2007    Volatility-1.2pre    awalters

     * New Module: modscan
        Files:
          vmodules.py
          forensics/win32/scan.py
          forensics/win32/globals.py
        Description:
          Performs a linear scan for memory resident Windows modules.
          Contributed by Andreas Schuster.
     * New Module: memmap
        Files:
          vmodules.py
          forensics/x86.py
        Description:
          Provides a map of the virtual to physical address translations
          within a particular address space.  Based on similar tools by
          Andreas Schuster (memdump.pl) and Brendan Dolan-Gavitt
          (memdump.py).
     * New Module: dmpchk
        Files:
          vmodules.py
          forensics/win32/crash_addrspace.py
        Description:
          Prints auxiliary information about the crash dump file.
     * New Module: WindowsCrashDumpSpace32
        Files:
          forensics/x86.py
          forensics/win32/crash_addrspace.py
        Description:
          Provides the ability to use crash dumps as input to Volatility.
          This is accomplished through the use of stackable address spaces.
          Contributions from Andreas Schuster.
     * New Feature: get_available_pages()
        Files:
          forensics/x86.py
        Description:
          This function allows an investigator to find all available pages
          within a particular address space.  Thanks Brendan Dolan-Gavitt.
     * New Feature: zread()
        Files:
          forensics/x86.py
          forensics/addrspace.py
          forensics/win32/crash_addrspace.py
        Description:
          Added the ability to continue reading even if pages are
          unavailable. Invalid pages are replaced with zeros. Thanks Brendan
          Dolan-Gavitt.


thanks,

AW
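
Added example (not part of the original message and not Volatility's code): a toy paged address space showing the behaviour the changelog describes for get_available_pages() and zread(), next to a strict read. The class name, the page-map layout and the sample image are assumptions made for illustration.

```python
PAGE_SIZE = 0x1000  # 4 KiB pages, as on 32-bit x86

class ToyAddressSpace:
    """Hypothetical paged address space: virtual page number -> physical page number."""

    def __init__(self, phys, page_map):
        self.phys = phys            # bytes of the physical image
        self.page_map = page_map    # {vpn: pfn}; a missing vpn is an unavailable page

    def get_available_pages(self):
        """Return (virtual address, size) for every page that translates."""
        return [(vpn * PAGE_SIZE, PAGE_SIZE) for vpn in sorted(self.page_map)]

    def _chunks(self, vaddr, length):
        """Split [vaddr, vaddr + length) at page boundaries."""
        end = vaddr + length
        while vaddr < end:
            n = min(PAGE_SIZE - vaddr % PAGE_SIZE, end - vaddr)
            yield vaddr, n
            vaddr += n

    def _read_chunk(self, vaddr, n):
        pfn = self.page_map.get(vaddr // PAGE_SIZE)
        if pfn is None:
            return None
        off = pfn * PAGE_SIZE + vaddr % PAGE_SIZE
        data = self.phys[off:off + n]
        return data if len(data) == n else None  # frame lies past the end of the image

    def read(self, vaddr, length):
        """Strict read: returns None if any byte in the range is unavailable."""
        parts = [self._read_chunk(va, n) for va, n in self._chunks(vaddr, length)]
        return None if any(p is None for p in parts) else b"".join(parts)

    def zread(self, vaddr, length):
        """Tolerant read: unavailable bytes come back as zeros, length is preserved."""
        out = b""
        for va, n in self._chunks(vaddr, length):
            chunk = self._read_chunk(va, n)
            out += chunk if chunk is not None else b"\x00" * n
        return out

# Constructed sample: two physical pages; virtual pages 0 and 2 map, page 1 does not.
PHYS = b"A" * PAGE_SIZE + b"B" * PAGE_SIZE
SPACE = ToyAddressSpace(PHYS, {0: 0, 2: 1})
```

Zero-filled bytes are indistinguishable from zeros that were really in memory, so an analyst interpreting a zread()-style dump should compare the range against the available-page list before drawing conclusions from a run of zeros.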
