19 Commits

Author SHA256 Message Date
76ca28a182 Accepting request 1272256 from security:forensics
OBS-URL: https://build.opensuse.org/request/show/1272256
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/volatility3?expand=0&rev=5
2025-04-24 15:25:42 +00:00
Greg Freemyer
455fa5011c - Update to 2.11.0
* Many new plugins, see upstream changelog
  * Support for configuration files for common CLI options
  * linux.kmsg: Supports older kernels
  * Support for Python 3.12
  * userassist with timeliner support
  * Clang no longer using long unsigned int for pointers
  * argcomplete support
  * Output formatting and filtering in the CLI
  * Additional architecture data files for vmscan
  * Python 3.8 is now the minimum supported version of python
- python-distorm3 is not needed anymore

OBS-URL: https://build.opensuse.org/package/show/security:forensics/volatility3?expand=0&rev=18
2025-04-23 19:08:41 +00:00
c2e7089cc0 Accepting request 1173786 from security:forensics
OBS-URL: https://build.opensuse.org/request/show/1173786
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/volatility3?expand=0&rev=4
2024-05-14 11:38:01 +00:00
Greg Freemyer
caf58b9b04 Accepting request 1171848 from home:mcepl:branches:security:forensics
- Rewrite of the Python packaging not to use superfluous %python_subpackages.
- Upgrade to 2.5.2:
    New Layers:
        Amazon S3 support
        Google Cloud Storage support
    New plugins:
        linux.vmayarascan
        windows.mftscan.ads
    New features:
        Dumping of Elf files added to the elfs plugin
    Better support for remote ISF directories
- Upgrade to 2.5.0:
    New plugins:
        Linux capabilities plugin
    Linux process dumping
    Add support for Xen ELF file format
    Improved Linux subsystem support
- Upgrade to 2.4.1:
    New plugins:
        linux.sockstat
        linux.iomem
        linux.psscan
        linux.envars
        windows.drivermodule
        windows.vadwalk
    Pid filtering for Windows pstree plugin
    Minor fixes for Windows callbacks plugin
    Minimum Python version was increased to 3.7
    Python-snappy dependency was replaced with ctypes to ease installation
    Whole codebase was reformatted with black

OBS-URL: https://build.opensuse.org/request/show/1171848
OBS-URL: https://build.opensuse.org/package/show/security:forensics/volatility3?expand=0&rev=16
2024-05-13 18:28:17 +00:00
4a89eb876b Accepting request 981965 from security:forensics
OBS-URL: https://build.opensuse.org/request/show/981965
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/volatility3?expand=0&rev=3
2022-06-10 13:57:43 +00:00
Greg Freemyer
0941cfe52e Accepting request 981964 from home:gregfreemyer:Tools-for-forensic-boot-cd
- update to v2.0.1 
  - New plugins such as:
          - Windows networking plugins
          - Windows crashinfo and skeleton_key_check
          - Linux kmsg plugin
  - New layers: AVML and LeechCore
  - QEMU layer performance optimization
  - Improved access to Windows library symbols
  - Better offline and remote support
  - Improved documentation
  - Improved working with python requirements
  - Drop support for python 3.5
- changed source to -- Source: v%{version}.tar.gz
- add multi-python build support
- add
    - Obsoletes: volatility3 < %{version} 
    - Provides:  volatility3 = %{version}
- Update to version v1.0.0~git.20200818T091513.73f3c217:
  - too many to list here. See:
    https://github.com/volatilityfoundation/volatility3/compare/v1.0.0-beta.1...master
- Switch to tar_scm _service (disabled)
- Add more requirements
- update to volatility3 version v1.0.0-beta.1
- this is a major rewrite of python-volatility to be python3 compatible
- note that the update is so complete, a new name is provided by upstream and the version number is reset to v1.0.0
- obsolete python-volatility  (the python 2 version)
- update license to - License:        BSD-2-Clause-Patent and CC-PDDC
- Update to 2.6.1:
   * fix local variable 'all_zeros' referenced before assignment
   
---------------------------------------------------------------
- Trim description of irrelevant stuff
- update to v2.6
    * Enhanced support for Windows 10 (including 14393.447)
    * Added new profiles for recently patched Windows 7, Windows 8, and Server 2012
    * Optimized page table enumeration and scanning algorithms, especially on 64-bit Windows 10
    * Added support for carving Internet Explorer 10 history records
    * Added support for memory dumps from the most recent VirtualBox version
    * Updated the svcscan plugin to show FailureCommand
	 (the command that runs when a service fails to start multiple times)
    * Add APIs to paged address spaces (x86 and x64) to allow easy lookups of PTE flags
	 (i.e. writeable, no-exec, supervisor, copy-on-write)
    * Add support for tagging Mac memory ranges as heaps, stacks, etc.
    * Add plugins for checking Mac file operation pointers, C++ classes in the kernel, 
	IOKit interest handlers, timers set by kernel drivers, and enumeration of 
	processes that filter file system events
    * Add support for KASLR Linux kernels
- add %{_docdir}/python-volatility to %files to fix factory build failure
- add obsoletes: volatility <= 2.4   as the package was renamed
- update to v2.5
    * Windows memory dump analysis
        Added profiles for Windows 8.1 Update 1 
        Added basic support for Windows 10 
        New plugin to print AmCache information from the registry (amcache)
        New plugin to dump registry files to disk (dumpregistry)
        New plugin to detect hidden/unlinked service record structures (servicediff) 
        New plugin to print the shutdown time from the registry (shutdowntime) 
        New plugin to print editbox controls from the GUI subsystem (editbox)
        Malfind plugin detects injected code with erased PE headers
        Imagecopy and raw2dmp can display the number of bytes copied or converted 
        Fix an issue with the memmap and memdump offsets being inconsistent 
        Fix an issue with vadtree's graphviz fill colors not being rendered by some viewers
        Update the well known SIDs reported by the getsids plugin 
        Add an optional --max-size parameter to yarascan, dump_maps, etc 
        Fix an issue translating strings in PAE and x64 images 
        Add options to yarascan for case-insensitive search
        Add options to yarascan to scan process and kernel memory at once 
    * Mac OSX memory dump analysis
        Added profiles and support for Mac 10.10 Yosemite and 10.11 El Capitan
        New plugin to print and extract compressed swap data (mac_compressed_swap)
        New plugin to automatically detect Mac OS X profiles (mac_get_profile)
        New plugin(s) to report Kauth scopes and listeners (mac_list_kauth_scopes | listeners)
        New plugin to identify applications with promiscuous sockets (mac_list_raw)
        New plugin to find hidden threads (mac_orphan_threads)
        New plugin to print process environment variables (mac_psenv)
        New plugin to print basic and complex thread data (mac_threads, mac_threads_simple)
    * Linux/Android memory dump analysis
        Added support for Linux kernels up to 4.2.3
        New plugin to print Linux dynamic environment variables (linux_dynamic_env)
        New plugin to print the current working directory of processes (linux_getcwd)
        New plugin to carve for network connection structures (linux_netscan)
        Speed improvements to various plugins 
        Improve handling of mprotect() Linux memory regions 
- update specfile to match file placement from fedora v2.4 specfile
- update to v2.4
  * As of Volatility 2.4, all changes are now tracked on the GitHub site:
    https://github.com/volatilityfoundation/volatility
  * Volatility 2.0-2.3: all changes were tracked on the Google Code site:
    http://code.google.com/p/volatility/source/list
- specfile cleanup
- initial package
  An advanced memory forensics framework

OBS-URL: https://build.opensuse.org/request/show/981964
OBS-URL: https://build.opensuse.org/package/show/security:forensics/volatility3?expand=0&rev=14
2022-06-10 03:16:43 +00:00
Greg Freemyer
0e6f37f2a6 Accepting request 981962 from home:gregfreemyer:Tools-for-forensic-boot-cd
- update to v2.0.1 
  - New plugins such as:
          - Windows networking plugins
          - Windows crashinfo and skeleton_key_check
          - Linux kmsg plugin
  - New layers: AVML and LeechCore
  - QEMU layer performance optimization
  - Improved access to Windows library symbols
  - Better offline and remote support
  - Improved documentation
  - Improved working with python requirements
  - Drop support for python 3.5
- changed source to -- Source: v%{version}.tar.gz
- add multi-python build support
- add Provides: volatility3    the non-versioned name of the package.  Now python38-volatility3, etc
- Update to version v1.0.0~git.20200818T091513.73f3c217:
  - too many to list here. See:
    https://github.com/volatilityfoundation/volatility3/compare/v1.0.0-beta.1...master
- Switch to tar_scm _service (disabled)
- Add more requirements
- update to volatility3 version v1.0.0-beta.1
- this is a major rewrite of python-volatility to be python3 compatible
- note that the update is so complete, a new name is provided by upstream and the version number is reset to v1.0.0
- obsolete python-volatility  (the python 2 version)
- update license to - License:        BSD-2-Clause-Patent and CC-PDDC
- Update to 2.6.1:
   * fix local variable 'all_zeros' referenced before assignment
   
---------------------------------------------------------------
- Trim description of irrelevant stuff
- update to v2.6
    * Enhanced support for Windows 10 (including 14393.447)
    * Added new profiles for recently patched Windows 7, Windows 8, and Server 2012
    * Optimized page table enumeration and scanning algorithms, especially on 64-bit Windows 10
    * Added support for carving Internet Explorer 10 history records
    * Added support for memory dumps from the most recent VirtualBox version
    * Updated the svcscan plugin to show FailureCommand
	 (the command that runs when a service fails to start multiple times)
    * Add APIs to paged address spaces (x86 and x64) to allow easy lookups of PTE flags
	 (i.e. writeable, no-exec, supervisor, copy-on-write)
    * Add support for tagging Mac memory ranges as heaps, stacks, etc.
    * Add plugins for checking Mac file operation pointers, C++ classes in the kernel, 
	IOKit interest handlers, timers set by kernel drivers, and enumeration of 
	processes that filter file system events
    * Add support for KASLR Linux kernels
- add %{_docdir}/python-volatility to %files to fix factory build failure
- add obsoletes: volatility <= 2.4   as the package was renamed
- update to v2.5
    * Windows memory dump analysis
        Added profiles for Windows 8.1 Update 1 
        Added basic support for Windows 10 
        New plugin to print AmCache information from the registry (amcache)
        New plugin to dump registry files to disk (dumpregistry)
        New plugin to detect hidden/unlinked service record structures (servicediff) 
        New plugin to print the shutdown time from the registry (shutdowntime) 
        New plugin to print editbox controls from the GUI subsystem (editbox)
        Malfind plugin detects injected code with erased PE headers
        Imagecopy and raw2dmp can display the number of bytes copied or converted 
        Fix an issue with the memmap and memdump offsets being inconsistent 
        Fix an issue with vadtree's graphviz fill colors not being rendered by some viewers
        Update the well known SIDs reported by the getsids plugin 
        Add an optional --max-size parameter to yarascan, dump_maps, etc 
        Fix an issue translating strings in PAE and x64 images 
        Add options to yarascan for case-insensitive search
        Add options to yarascan to scan process and kernel memory at once 
    * Mac OSX memory dump analysis
        Added profiles and support for Mac 10.10 Yosemite and 10.11 El Capitan
        New plugin to print and extract compressed swap data (mac_compressed_swap)
        New plugin to automatically detect Mac OS X profiles (mac_get_profile)
        New plugin(s) to report Kauth scopes and listeners (mac_list_kauth_scopes | listeners)
        New plugin to identify applications with promiscuous sockets (mac_list_raw)
        New plugin to find hidden threads (mac_orphan_threads)
        New plugin to print process environment variables (mac_psenv)
        New plugin to print basic and complex thread data (mac_threads, mac_threads_simple)
    * Linux/Android memory dump analysis
        Added support for Linux kernels up to 4.2.3
        New plugin to print Linux dynamic environment variables (linux_dynamic_env)
        New plugin to print the current working directory of processes (linux_getcwd)
        New plugin to carve for network connection structures (linux_netscan)
        Speed improvements to various plugins 
        Improve handling of mprotect() Linux memory regions 
- update specfile to match file placement from fedora v2.4 specfile
- update to v2.4
  * As of Volatility 2.4, all changes are now tracked on the GitHub site:
    https://github.com/volatilityfoundation/volatility
  * Volatility 2.0-2.3: all changes were tracked on the Google Code site:
    http://code.google.com/p/volatility/source/list
- specfile cleanup
- initial package
  An advanced memory forensics framework

OBS-URL: https://build.opensuse.org/request/show/981962
OBS-URL: https://build.opensuse.org/package/show/security:forensics/volatility3?expand=0&rev=13
2022-06-10 03:02:39 +00:00
Greg Freemyer
e180471fa0 Accepting request 981957 from home:gregfreemyer:Tools-for-forensic-boot-cd
- update to v2.0.1 
  - New plugins such as:
          - Windows networking plugins
          - Windows crashinfo and skeleton_key_check
          - Linux kmsg plugin
  - New layers: AVML and LeechCore
  - QEMU layer performance optimization
  - Improved access to Windows library symbols
  - Better offline and remote support
  - Improved documentation
  - Improved working with python requirements
  - Drop support for python 3.5
- changed source to -- Source: v%{version}.tar.gz
- add multi-python build support

OBS-URL: https://build.opensuse.org/request/show/981957
OBS-URL: https://build.opensuse.org/package/show/security:forensics/volatility3?expand=0&rev=12
2022-06-10 02:13:23 +00:00
89c2bf1a8b Accepting request 828253 from security:forensics
OBS-URL: https://build.opensuse.org/request/show/828253
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/volatility3?expand=0&rev=2
2020-08-21 17:05:28 +00:00
a9266f4922 Accepting request 828176 from home:frispete:Tumbleweed
- Update to version v1.0.0~git.20200818T091513.73f3c217:
  - too many to list here. See:
    https://github.com/volatilityfoundation/volatility3/compare/v1.0.0-beta.1...master
- Switch to tar_scm _service (disabled)
- Add more requirements

OBS-URL: https://build.opensuse.org/request/show/828176
OBS-URL: https://build.opensuse.org/package/show/security:forensics/volatility3?expand=0&rev=10
2020-08-20 15:53:10 +00:00
deb66df876 Accepting request 812376 from security:forensics
New python 3 version of volatility

OBS-URL: https://build.opensuse.org/request/show/812376
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/volatility3?expand=0&rev=1
2020-08-12 08:23:34 +00:00
Greg Freemyer
4f19883217 OBS-URL: https://build.opensuse.org/package/show/security:forensics/volatility3?expand=0&rev=8 2020-06-08 02:46:18 +00:00
Greg Freemyer
c1e1b66fbb OBS-URL: https://build.opensuse.org/package/show/security:forensics/volatility3?expand=0&rev=7 2020-06-08 02:39:48 +00:00
Greg Freemyer
c5bc836801 OBS-URL: https://build.opensuse.org/package/show/security:forensics/volatility3?expand=0&rev=6 2020-05-11 00:53:05 +00:00
Greg Freemyer
255887a86d Accepting request 802535 from home:gregfreemyer:Tools-for-forensic-boot-cd
Update LICENSE field and Obsoletes field

OBS-URL: https://build.opensuse.org/request/show/802535
OBS-URL: https://build.opensuse.org/package/show/security:forensics/volatility3?expand=0&rev=5
2020-05-11 00:51:46 +00:00
Greg Freemyer
0cf2f069fc OBS-URL: https://build.opensuse.org/package/show/security:forensics/volatility3?expand=0&rev=4 2020-05-05 23:31:47 +00:00
Greg Freemyer
de78c19229 OBS-URL: https://build.opensuse.org/package/show/security:forensics/volatility3?expand=0&rev=3 2020-05-03 16:36:24 +00:00
Greg Freemyer
9b32a45d87 OBS-URL: https://build.opensuse.org/package/show/security:forensics/volatility3?expand=0&rev=2 2020-05-03 16:25:03 +00:00
Greg Freemyer
1fb204de3a Accepting request 799847 from home:gregfreemyer:Tools-for-forensic-boot-cd
A rewrite of python-volatility for python3.  Newly released as volatility3.  Still in beta

OBS-URL: https://build.opensuse.org/request/show/799847
OBS-URL: https://build.opensuse.org/package/show/security:forensics/volatility3?expand=0&rev=1
2020-05-03 15:10:37 +00:00