Skip to content

Releases: volatilityfoundation/volatility

Volatility 2.6: December 2016

09 Apr 20:04
@awalters awalters
2.6.1
c670176
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Volatility 2.6: December 2016 Latest
Latest

  • Enhanced support for Windows 10 (including 14393.447)

  • Added new profiles for recently patched Windows 7, Windows 8, and Server 2012

  • Optimized page table enumeration and scanning algorithms, especially on 64-bit Windows 10

  • Added support for carving Internet Explorer 10 history records

  • Added support for memory dumps from the most recent VirtualBox version

  • Updated the svcscan plugin to show FailureCommand (the command that runs when a service fails to start multiple times)

  • Add APIs to paged address spaces (x86 and x64) to allow easy lookups of PTE flags (i.e. writeable, no-exec, supervisor, copy-on-write)

  • Add support for tagging Mac memory ranges as heaps, stacks, etc.

  • Add plugins for checking Mac file operation pointers, C++ classes in the kernel, IOKit interest handlers, timers set by kernel drivers, and enumeration of processes that filter file system events

  • Add support for KASLR Linux kernels

Assets 7
Loading