Changelog for
python-volatility-2.5-5.2.noarch.rpm :
Thu Feb 11 13:00:00 2016 Greg.FreemyerAATTgmail.com
- update to v2.5
* Windows memory dump analysis
Added profiles for Windows 8.1 Update 1
Added basic support for Windows 10
New plugin to print AmCache information from the registry (amcache)
New plugin to dump registry files to disk (dumpregistry)
New plugin to detect hidden/unlinked service record structures (servicediff)
New plugin to print the shutdown time from the registry (shutdowntime)
New plugin to print editbox controls from the GUI subsystem (editbox)
Malfind plugin detects injected code with erased PE headers
Imagecopy and raw2dmp can display the number of bytes copied or converted
Fix an issue with the memmap and memdump offsets being inconsistent
Fix an issue with vadtree's graphviz fill colors not being rendered by some viewers
Update the well known SIDs reported by the getsids plugin
Add an optional --max-size parameter to yarascan, dump_maps, etc
Fix an issue translating strings in PAE and x64 images
Add options to yarascan for case-insensitive search
Add options to yarascan to scan process and kernel memory at once
* Mac OSX memory dump analysis
Added profiles and support for Mac 10.10 Yosemite and 10.11 El Capitan
New plugin to print and extract compressed swap data (mac_compressed_swap)
New plugin to automatically detect Mac OS X profiles (mac_get_profile)
New plugin(s) to report Kauth scopes and listeners (mac_list_kauth_scopes | listeners)
New plugin to identify applications with promiscuous sockets (mac_list_raw)
New plugin to find hidden threads (mac_orphan_threads)
New plugin to print process environment variables (mac_psenv)
New plugin to print basic and complex thread data (mac_threads, mac_threads_simple)
* Linux/Android memory dump analysis
Added support for Linux kernels up to 4.2.3
New plugin to print Linux dynamic environment variables (linux_dynamic_env)
New plugin to print the current working directory of processes (linux_getcwd)
New plugin to carve for network connection structures (linux_netscan)
Speed improvements to various plugins
Improve handling of mprotect() Linux memory regions
- update specfile to match file placement from fedora v2.4 specfile
Thu Sep 25 14:00:00 2014 Greg.FreemyerAATTgmail.com
- update to v2.4
* As of Volatility 2.4, all changes are now tracked on the GitHub site:
https://github.com/volatilityfoundation/volatility
* Volatility 2.0-2.3: all changes were tracked on the Google Code site:
http://code.google.com/p/volatility/source/list
- specfile cleanup
Tue Feb 7 13:00:00 2012 Greg.FreemyerAATTgmail.com
- initial package
An advanced memory forensics framework