Volatility 2.6: December 2016

awalters released this 09 Apr 20:04 · 70 commits to master since this release · c670176

  • Enhanced support for Windows 10 (including 14393.447)

  • Added new profiles for recently patched Windows 7, Windows 8, and Server 2012

  • Optimized page table enumeration and scanning algorithms, especially on 64-bit Windows 10

  • Added support for carving Internet Explorer 10 history records

  • Added support for memory dumps from the most recent VirtualBox version

  • Updated the svcscan plugin to show FailureCommand (the command that runs when a service fails to start multiple times)

  • Add APIs to paged address spaces (x86 and x64) to allow easy lookups of PTE flags (i.e. writeable, no-exec, supervisor, copy-on-write)

  • Add support for tagging Mac memory ranges as heaps, stacks, etc.

  • Add plugins for checking Mac file operation pointers, C++ classes in the kernel, IOKit interest handlers, timers set by kernel drivers, and enumeration of processes that filter file system events

  • Add support for KASLR Linux kernels