applications/forensics tools

Volatility - Tools for the extraction of digital artifacts from volatile memory (RAM) images

Website: https://code.google.com/p/volatility/
License: GPL
Vendor: cert.org
Description:
The Volatility Framework is a completely open collection of tools,
implemented in Python under the GNU General Public License, for the
extraction of digital artifacts from volatile memory (RAM) images. The
extraction techniques are performed completely independently of the system
being investigated but offer unprecedented visibility into the runtime
state of the system. The framework is intended to introduce people to the
techniques and complexities associated with extracting digital artifacts
from volatile memory images and provide a platform for further work into
this exciting area of research.

The Volatility Framework demonstrates our commitment to and belief
in the importance of open source digital investigation tools. Volatile
Systems is committed to the belief that the technical procedures used to
extract digital evidence should be open to peer analysis and review. We
also believe this is in the best interest of the digital investigation
community, as it helps increase the communal knowledge about systems we
are forced to investigate. Similarly, we do not believe the availability
of these tools should be restricted and therefore encourage people to
modify, extend, and make derivative works, as permitted by the GPL.

Packages

Volatility-2.5-3.el5.i686 [8.8 MiB] Changelog by Lawrence R. Rogers (2015-11-18):
* Release 2.5-3
	Rebuilt with an older version of distorm3 to address a specific error.
Volatility-2.5-2.el5.i686 [8.8 MiB] Changelog by Lawrence R. Rogers (2015-10-20):
* Release 2.5-2
	This is the official Volatility 2.5 release.
	See the announcement here: http://www.volatilityfoundation.org/#!25/c1f29.
Volatility-2.5-1.el5.i686 [8.8 MiB] Changelog by Lawrence R. Rogers (2015-10-20):
* Release 2.5-1
	Version 2.5.
Volatility-2.4-9.el5.i686 [7.3 MiB] Changelog by Lawrence R. Rogers (2015-06-30):
* Release 2.4-9
	See https://code.google.com/p/volatility/source/list for a list of changes
Volatility-2.0.1-3.el5.i386 [2.4 MiB] Changelog by Lawrence R. Rogers (2012-01-07):
* Release 2.0.1-3
	Added revision R134 of malware.py from the Malware Cookbook (http://www.malwarecookbook.com/)
	It includes the following:
		r134	remove CheckPoolIndex on IoFs pool scanner
		r133 	add --physical-offset option to psxview. Fixes Issue #37
		r131 	compat change for timers plugin on 2.0 and 2.1
		r127 	malware.py compatibility changes to allow easy integration to vol 2.0 and vol 2.1 alpha
		r126 	revert changes to malware.py r124 - incompatible with vol2.0
		r124 	update malware plugins with changes made to main branch in Issue 1137 (http://code.google.com/p/volatility/source/detail?r=1137)
		r112 	fix hex formatting issue in timers plugin
		r111 	add timers plugin

Listing created by Repoview-0.6.6-1.el6