PaulDotCom mailing list archives
First week of Month of Volatility Plugins II is posted
From: Andrew Case <atcuno () gmail com>
Date: Mon, 20 May 2013 13:07:06 -0500
Hello, We are writing as the first week of the second installment of the Month of Volatility Plugins is now posted. Volatility 2.3 is currently in beta, and the blog posts are focusing on new features in this version. This week's posts discussed a number of new address spaces we have added to support new hardware architectures and file formats. The first one is the MachO address space used to support Mac Memory Reader: http://volatility-labs.blogspot.com/2013/05/movp-ii-11-mach-o-address-space.html The second is an address space used to support VirtualBox: http://volatility-labs.blogspot.com/2013/05/movp-ii-12-virtualbox-elf64-core-dumps.html The third address space allows for analysis of VMware snapshot files (.vmss and .vmsn): http://volatility-labs.blogspot.com/2013/05/movp-ii-13-vmware-snapshot-and-saved.html The fourth address space supports the hpak format of the HBGary Fast Dump acquisition tool: http://volatility-labs.blogspot.com/2013/05/movp-ii-14-new-hpak-address-space.html The final address space discussed adds support for the ARM architecture. This is leveraged by Volatility's Android support: http://volatility-labs.blogspot.com/2013/05/movp-ii-15-arm-address-space-volatility.html We hope you enjoy the posts, and the second installment of posts will begin tomorrow and cover a number of new plugins to help analyzing Windows samples. If you have any questions or comments please comment on an individual blog post or reply to this email. Thanks, Andrew (@attrc) _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- First week of Month of Volatility Plugins II is posted Andrew Case (May 20)