forked from pool/volatility3
455fa5011c
* Many new plugins, see upstream changelog * Support for configuration files for common CLI options * linux.kmsg: Supports older kernels * Support for Python 3.12 * userassist with timeliner support * Clang no longer using long unsigned int for pointers * argcomplete support * Output formatting and filtering in the CLI * Additional architecture data files for vmscan * Python 3.8 is now the minimum supported version of python - python-distorm3 is not needed anymore OBS-URL: https://build.opensuse.org/package/show/security:forensics/volatility3?expand=0&rev=18
198 lines
8.5 KiB
Plaintext
198 lines
8.5 KiB
Plaintext
-------------------------------------------------------------------
|
|
Wed Jan 22 10:44:46 UTC 2025 - Markéta Machová <mmachova@suse.com>
|
|
|
|
- Update to 2.11.0
|
|
* Many new plugins, see upstream changelog
|
|
* Support for configuration files for common CLI options
|
|
* linux.kmsg: Supports older kernels
|
|
* Support for Python 3.12
|
|
* userassist with timeliner support
|
|
* Clang no longer using long unsigned int for pointers
|
|
* argcomplete support
|
|
* Output formatting and filtering in the CLI
|
|
* Additional architecture data files for vmscan
|
|
* Python 3.8 is now the minimum supported version of python
|
|
- python-distorm3 is not needed anymore
|
|
|
|
-------------------------------------------------------------------
|
|
Fri May 3 19:46:00 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
|
|
|
|
- Rewrite of the Python packaging not to use superfluous %python_subpackages.
|
|
- Upgrade to 2.5.2:
|
|
New Layers:
|
|
Amazon S3 support
|
|
Google Cloud Storage support
|
|
New plugins:
|
|
linux.vmayarascan
|
|
windows.mftscan.ads
|
|
New features:
|
|
Dumping of Elf files added to the elfs plugin
|
|
Better support for remote ISF directories
|
|
- Upgrade to 2.5.0:
|
|
New plugins:
|
|
Linux capabilities plugin
|
|
Linux process dumping
|
|
Add support for Xen ELF file format
|
|
Improved Linux subsystem support
|
|
- Upgrade to 2.4.1:
|
|
New plugins:
|
|
linux.sockstat
|
|
linux.iomem
|
|
linux.psscan
|
|
linux.envars
|
|
windows.drivermodule
|
|
windows.vadwalk
|
|
Pid filtering for Windows pstree plugin
|
|
Minor fixes for Windows callbacks plugin
|
|
Minimum Python version was increased to 3.7
|
|
Python-snappy dependency was replaced with ctypes to ease installation
|
|
Whole codebase was reformatted with black
|
|
- Upgrade to 2.4.0:
|
|
For the 2.4.0 release, the major version has jumped a few
|
|
numbers for compatibility, but this is the next release
|
|
including the following:
|
|
New plugins
|
|
linux.mountinfo
|
|
linux.psaux
|
|
windows.devicetree
|
|
windows.joblinks
|
|
windows.ldrmodules
|
|
windows.mbrscan
|
|
windows.mftscan
|
|
windows.sessions
|
|
Introduced the concept of modules and module requirements
|
|
Unified symbol handling and ISF file caching between OS versions
|
|
Better QEVM support (fixed the QEMU PCI hole)
|
|
Exposed an API for automatic PDB symbol table use
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jun 10 01:35:22 UTC 2022 - Greg Freemyer <Greg.Freemyer@gmail.com>
|
|
|
|
- update to v2.0.1
|
|
- New plugins such as:
|
|
- Windows networking plugins
|
|
- Windows crashinfo and skeleton_key_check
|
|
- Linux kmsg plugin
|
|
- New layers: AVML and LeechCore
|
|
- QEMU layer performance optimization
|
|
- Improved access to Windows library symbols
|
|
- Better offline and remote support
|
|
- Improved documentation
|
|
- Improved working with python requirements
|
|
- Drop support for python 3.5
|
|
|
|
- changed source to -- Source: v%{version}.tar.gz
|
|
|
|
- add multi-python build support
|
|
- add
|
|
- Obsoletes: volatility3 < %{version}
|
|
- Provides: volatility3 = %{version}
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Aug 19 11:58:40 UTC 2020 - hpj@urpla.net
|
|
|
|
- Update to version v1.0.0~git.20200818T091513.73f3c217:
|
|
- too many to list here. See:
|
|
https://github.com/volatilityfoundation/volatility3/compare/v1.0.0-beta.1...master
|
|
- Switch to tar_scm _service (disabled)
|
|
- Add more requirements
|
|
|
|
-------------------------------------------------------------------
|
|
Sat May 2 22:09:34 UTC 2020 - Greg Freemyer <Greg.Freemyer@gmail.com>
|
|
|
|
- update to volatility3 version v1.0.0-beta.1
|
|
- this is a major rewrite of python-volatility to be python3 compatible
|
|
- note that the update is so complete, a new name is provided by upstream and the version number is reset to v1.0.0
|
|
- obsolete python-volatility (the python 2 version)
|
|
- update license to - License: BSD-2-Clause-Patent and CC-PDDC
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Dec 18 16:04:43 UTC 2018 - atoptsoglou@suse.com
|
|
|
|
-Update to 2.6.1:
|
|
|
|
*fix local variable 'all_zeros' referenced before assignment
|
|
|
|
---------------------------------------------------------------
|
|
Thu Apr 20 11:35:00 UTC 2017 - jengelh@inai.de
|
|
|
|
- Trim description of irrelevant stuff
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Apr 17 10:48:57 UTC 2017 - Greg.Freemyer@gmail.com
|
|
|
|
- update to v2.6
|
|
* Enhanced support for Windows 10 (including 14393.447)
|
|
* Added new profiles for recently patched Windows 7, Windows 8, and Server 2012
|
|
* Optimized page table enumeration and scanning algorithms, especially on 64-bit Windows 10
|
|
* Added support for carving Internet Explorer 10 history records
|
|
* Added support for memory dumps from the most recent VirtualBox version
|
|
* Updated the svcscan plugin to show FailureCommand
|
|
(the command that runs when a service fails to start multiple times)
|
|
* Add APIs to paged address spaces (x86 and x64) to allow easy lookups of PTE flags
|
|
(i.e. writeable, no-exec, supervisor, copy-on-write)
|
|
* Add support for tagging Mac memory ranges as heaps, stacks, etc.
|
|
* Add plugins for checking Mac file operation pointers, C++ classes in the kernel,
|
|
IOKit interest handlers, timers set by kernel drivers, and enumeration of
|
|
processes that filter file system events
|
|
* Add support for KASLR Linux kernels
|
|
- add %{_docdir}/python-volatility to %files to fix factory build failure
|
|
- add obsoletes: volatility <= 2.4 as the package was renamed
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Feb 11 03:54:06 UTC 2016 - Greg.Freemyer@gmail.com
|
|
|
|
- update to v2.5
|
|
* Windows memory dump analysis
|
|
Added profiles for Windows 8.1 Update 1
|
|
Added basic support for Windows 10
|
|
New plugin to print AmCache information from the registry (amcache)
|
|
New plugin to dump registry files to disk (dumpregistry)
|
|
New plugin to detect hidden/unlinked service record structures (servicediff)
|
|
New plugin to print the shutdown time from the registry (shutdowntime)
|
|
New plugin to print editbox controls from the GUI subsystem (editbox)
|
|
Malfind plugin detects injected code with erased PE headers
|
|
Imagecopy and raw2dmp can display the number of bytes copied or converted
|
|
Fix an issue with the memmap and memdump offsets being inconsistent
|
|
Fix an issue with vadtree's graphviz fill colors not being rendered by some viewers
|
|
Update the well known SIDs reported by the getsids plugin
|
|
Add an optional --max-size parameter to yarascan, dump_maps, etc
|
|
Fix an issue translating strings in PAE and x64 images
|
|
Add options to yarascan for case-insensitive search
|
|
Add options to yarascan to scan process and kernel memory at once
|
|
* Mac OSX memory dump analysis
|
|
Added profiles and support for Mac 10.10 Yosemite and 10.11 El Capitan
|
|
New plugin to print and extract compressed swap data (mac_compressed_swap)
|
|
New plugin to automatically detect Mac OS X profiles (mac_get_profile)
|
|
New plugin(s) to report Kauth scopes and listeners (mac_list_kauth_scopes | listeners)
|
|
New plugin to identify applications with promiscuous sockets (mac_list_raw)
|
|
New plugin to find hidden threads (mac_orphan_threads)
|
|
New plugin to print process environment variables (mac_psenv)
|
|
New plugin to print basic and complex thread data (mac_threads, mac_threads_simple)
|
|
* Linux/Android memory dump analysis
|
|
Addd support for Linux kernels up to 4.2.3
|
|
New plugin to print Linux dynamic environment variables (linux_dynamic_env)
|
|
New plugin to print the current working directory of processes (linux_getcwd)
|
|
New plugin to carve for network connection structures (linux_netscan)
|
|
Speed improvements to various plugins
|
|
Improve handling of mprotect() Linux memory regions
|
|
-update specfile to match file placement from fedora v2.4 specfile
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Sep 25 20:12:57 UTC 2014 - Greg.Freemyer@gmail.com
|
|
|
|
- update to v2.4
|
|
* As of Volatility 2.4, all changes are now tracked on the GitHub site:
|
|
https://github.com/volatilityfoundation/volatility
|
|
* Volatility 2.0-2.3: all changes were tracked on the Google Code site:
|
|
http://code.google.com/p/volatility/source/list
|
|
- specfile cleanup
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Feb 7 00:19:04 UTC 2012 - Greg.Freemyer@gmail.com
|
|
|
|
- initial package
|
|
|
|
An advanced memory forensics framework
|
|
|