LiFTeR: Changes for Volatility
- October 11, 2023: Volatility-2.6.1-7.{el7,el8}.x86_64.rpm -
The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples.
This version of Volatility is the official version of Volatility 2.6.1 that has been patched to May 14, 2021.
You can read about this version here.
This release fixes a permissions problem with some of the directories.
- March 16, 2022: Volatility-2.6.1-8.{fc35,amzn2}.x86_64.rpm -
The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples.
This version fixes some logic and coding errors in the vol.py script, which is actually a Bash script that relies on a Docker container to run Volatility. You can find that Docker container here.
This container means that Python 2 is no longer needed on the host.
- May 19, 2021: Volatility-2.6.1-6.{fc31,fc32,fc33,fc34,el7,el8}.x86_64.rpm -
The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples.
This version of Volatility is the official version of Volatility 2.6.1 that has been patched to May 14, 2021.
You can read about this version here.
- October 30, 2020: Volatility-2.6.1-5.{fc27,fc28,fc29,fc30,el6}.{i386,x86_64}.rpm and Volatility-2.6.1-5.{fc31,fc32,el7,el8}.x86_64.rpm -
The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples.
This version of Volatility is the official version of Volatility 2.6.1 that has been patched to October 27, 2020.
You can read about this version here.
- June 12, 2020: Volatility-2.6.1-4.{fc27,fc28,fc29,fc30,el6}.{i386,x86_64}.rpm and Volatility-2.6.1-4.{fc31,fc32,el7,el8}.x86_64.rpm -
The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples.
This version of Volatility is the official version of Volatility 2.6.1 that has been patched to June 8, 2020.
You can read about this version here.
- July 31, 2019: Volatility-2.6.1-3.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i386,x86_64}.rpm and Volatility-2.6.1-3.el7.x86_64.rpm -
The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples.
This version of Volatility is the official version of Volatility 2.6.1 that has been patched to July 29, 2019.
You can read about this version here.
To install this update on Fedora 25 and CentOS/RHEL 6 and 7, you must first do the following:
sudo rpm -ev yara-python --nodeps
- April 5, 2019: Volatility-2.6.1-2.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i386,x86_64}.rpm and Volatility-2.6.1-2.el7.x86_64.rpm -
The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples.
This version of Volatility is the official version of Volatility 2.6.1 that has been patched to April 3, 2019.
You can read about this version here.
- January 18, 2019: Volatility-2.6-6.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i386,x86_64}.rpm and Volatility-2.6-6.el7.x86_64.rpm -
The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples.
This version of Volatility is the official version of Volatility 2.6 that has been patched to November 19, 2018.
You can read about this version here.
- November 20, 2018: Volatility-2.6-5.{fc23,fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i386,x86_64}.rpm and Volatility-2.6-5.el7.x86_64.rpm -
The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples.
This version of Volatility is the official version of Volatility 2.6 that has been patched to November 19, 2018.
You can read about this version here.
Since the Volatility-community-plugins contain the mimikatz plugin, that plugin is no longer packaged with Volatility.
- October 19, 2018: Volatility-2.6-4.{fc23,fc24,fc25,fc26,fc27,fc28,el6}.{i386,x86_64}.rpm and Volatility-2.6-4.el7.x86_64.rpm -
The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples.
This version of Volatility is the official version of Volatility 2.6 that has been patched to October 15, 2018.
You can read about this version here.
Since the Volatility-community-plugins contain the mimikatz plugin, that plugin is no longer packaged with Volatility.
- June 22, 2018: Volatility-2.6-3.{fc23,fc24,fc25,fc26,fc27,fc28,el6}.{i386,x86_64}.rpm and Volatility-2.6-3.el7.x86_64.rpm -
The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples.
This version of Volatility is the official version of Volatility 2.6 that has been patched to June 15, 2018.
You can read about this version here.
Since the Volatility-community-plugins contain the mimikatz plugin, that plugin is no longer packaged with Volatility.
- January 5, 2018: Volatility-2.6-2.{fc22,fc23,fc24,fc25,fc26,fc27,el6}.{i386,x86_64}.rpm and Volatility-2.6-2.el7.x86_64.rpm -
The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples.
This version of Volatility is the official version of Volatility 2.6 that has been patched to January 2, 2018.
You can read about this version here.
Since the Volatility-community-plugins contain the mimikatz plugin, that plugin is no longer packaged with Volatility.
- April 7, 2017: Volatility-2.6-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6}.{i386,x86_64}.rpm and Volatility-2.6-1.el7.x86_64.rpm -
The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples.
This version of Volatility is the official version of Volatility 2.6.
You can read about this version here.
Since the Volatility-community-plugins contain the mimikatz plugin, that plugin is no longer packaged with Volatility.
- July 15, 2016: Volatility-2.5-4.{fc20,fc21,fc22,fc23,fc24,el6}.{i386,x86_64}.rpm and Volatility-2.5-4.el7.x86_64.rpm -
The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples.
This version of Volatility is the official version of Volatility 2.5.
It also contains the mimikatz plugin.
This release was built using the code as of 2016-07-08.
- November 20, 2015: Volatility-2.5-3.{fc17,fc18,fc19,fc20,fc21,fc22,fc23,el5,el6}.{i386,x86_64}.rpm and Volatility-2.5-3.el7.x86_64.rpm -
The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples.
This version of Volatility is the official version of Volatility 2.5.
It also contains the mimikatz plugin.
This release was also built with Distorm3 version 3.1 as noted above.
- October 23, 2015: Volatility-2.5-1.{fc17,fc18,fc19,fc20,fc21,fc22,el5,el6}.{i386,x86_64}.rpm and Volatility-2.5-1.el7.x86_64.rpm -
The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples.
This version of Volatility uses the code as available from here as of 2015-10-20 which is identified as Volatility 2.5.
It also contains the mimikatz plugin.
- July 2, 2015: Volatility-2.4-9.{fc17,fc18,fc19,fc20,fc21,fc22,el5,el6}.{i386,x86_64}.rpm and Volatility-2.4-9.el7.x86_64.rpm -
The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples.
This version of Volatility uses the code as available from here as of 2015-06-30.
It also contains the mimikatz plugin.
- March 27, 2015: Volatility-2.4-8.{fc17,fc18,fc19,fc20,fc21,el5,el6}.{i386,x86_64}.rpm and Volatility-2.4-8.el7.x86_64.rpm -
The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples.
This version of Volatility uses the code as available from here as of 2015-03-23.
It also contains the mimikatz plugin.
- February 13, 2015: Volatility-2.4-6.{fc17,fc18,fc19,fc20,fc21,el5,el6}.{i386,x86_64}.rpm and Volatility-2.4-6.el7.x86_64.rpm -
The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples.
This version of Volatility uses the code as available from here as of 2015-02-09.
- November 26, 2014: Volatility-2.4-5.{fc17,fc18,fc19,fc20,el5,el6}.{i386,x86_64}.rpm and Volatility-2.4-5.el7.x86_64.rpm -
The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples.
This version of Volatility uses the code as available from here as of 2014-11-24.
- November 7, 2014: Volatility-2.4-4.{fc17,fc18,fc19,fc20,el5,el6}.{i386,x86_64}.rpm and Volatility-2.4-4.el7.x86_64.rpm -
The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples.
This version of Volatility uses the code as available from here as of 2014-11-03.
- October 10, 2014: Volatility-2.4-3.{fc17,fc18,fc19,fc20,el5,el6}.{i386,x86_64}.rpm and Volatility-2.4-3.el7.x86_64.rpm -
The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples.
See here for a list of changes and features in this major release.
This version of Volatility uses the code as available from here as of 2014-10-09.
- September 26, 2014: Volatility-2.4-2.{fc17,fc18,fc19,fc20,el5,el6}.{i386,x86_64}.rpm and Volatility-2.4-2.el7.x86_64.rpm -
The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples.
See here for a list of changes and features in this major release.
This version of Volatility uses the code as available from here as of 2014-09-23.
- August 15, 2014: Volatility-2.4-1.{fc17,fc18,fc19,fc20,el5,el6}.{i386,x86_64}.rpm and Volatility-2.4-1.el7.x86_64.rpm -
The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples.
See here for a list of changes and features in this major release.
- January 22, 2014: Volatility-2.3.1-2.el5.{i386,x86_64}.rpm -
The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples.
See here for a list of changes.
This version also includes the plugins from the Malware Analyst's Cookbook to version R134.
This version was rebuilt to use the latest version of yara.
- December 13, 2013: Volatility-2.3.1-1.{fc16,fc17,fc18,fc19,el5,el6}.{i386,x86_64}.rpm -
The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples.
See here for a list of changes.
This version also includes the plugins from the Malware Analyst's Cookbook to version R134.
See here for the list of recent changes.
- November 8, 2013: Volatility-2.3-1.{fc16,fc17,fc18,fc19,el5,el6}.{i386,x86_64}.rpm -
The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples.
See here for a list of changes.
This version also includes the plugins from the Malware Analyst's Cookbook to version R134.
See here for the list of recent changes.
- December 4, 2012: Volatility-2.2-1.{fc14,fc15,fc16,fc17,el5,el6}.{i386,x86_64}.rpm -
The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples.
See https://code.google.com/p/volatility/source/list for a list of changes.
This version also includes the plugins from the Malware Analyst's Cookbook to version R134.
See here for the list of recent changes.
- February 7, 2012: Volatility-2.0.1-3.{fc12,fc13,fc14,fc15,el5,el6}.{i386,x86_64}.rpm -
The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. This version updates the plugins from the Malware Analyst's Cookbook to version R134.
See here for the list of recent changes.
- August 23, 2011: Volatility-2.0.1-2.{fc12,fc13,fc14,fc15,el5,el6}.{i386,x86_64}.rpm -
The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. This version adds the following plugins from the Malware Analyst's Cookbook:
- apihooks - API hooks
- callbacks - system-wide notification routines
- devicetree - device tree
- driverirp - IRP hook detection
- gdt - Global Descriptor Table
- idt - Interrupt Descriptor Table
- impscan - a module for imports (API calls)
- ldrmodules - unlinked DLLs
- malfind - hidden and injected code
- psxview - hidden processes with various process listings
- ssdt_ex - Hook Explorer for IDA Pro (and SSDT by thread)
- svcscan - for Windows services
- threads - _ETHREAD and _KTHREADs
These plugins required the following additional packages:
- yara-1.6-1.{fc12,fc13,fc14,fc15,el5,el6}.{i386,x86_64}.rpm - Yara scans the given FILE or the process identified by PID to check whether it matches the patterns and rules provided in a special-purpose language. The rules are read from RULEFILEs or standard input.
- yara-python-1.6-1.{fc12,fc13,fc14,fc15,el5,el6}.{i386,x86_64}.rpm - Yara-python is a Python extension that gives access to YARA's powerful features from Python scripts.
- distorm3-1.0-1.{fc12,fc13,fc14,fc15,el5,el6}.{i386,x86_64}.rpm - Distorm3 is a lightweight, easy-to-use and fast decomposer library. It disassembles instructions in 16, 32 and 64 bit modes. Supported instruction sets: FPU, MMX, SSE, SSE2, SSE3, SSSE3, SSE4, 3DNow! (w/ extensions), new x86-64 instruction sets, VMX, AMD's SVM and AVX.
- August 3, 2011: Volatility-2.0-2.{fc12,fc13,fc14,fc15,el5,el6}.{i386,x86_64}.rpm -
The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. This package was updated because the versions for RHEL/CentOS were incorrectly configured.
- August 1, 2011: Volatility-2.0-1.{fc12,fc13,fc14,fc15,el5,el6}.{i386,x86_64}.rpm -
The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independent of the system being investigated but offer unprecedented visibility into the runtime state of the system. The framework is intended to introduce people to the techniques and complexities associated with extracting digital artifacts from volatile memory samples and provide a platform for further work into this exciting area of research.
See here for the list of changes.
- June 9, 2011: Volatility-1.4_rc1-1.{fc11,fc12,fc13,fc14,fc15,el5}.{i386,x86_64}.rpm -
The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independent of the system being investigated but offer unprecedented visibility into the runtime state of the system. The framework is intended to introduce people to the techniques and complexities associated with extracting digital artifacts from volatile memory samples and provide a platform for further work into this exciting area of research.
- June 2, 2009: Volatility-1.1.2-2.fc10.i386.rpm - Missing files were added and the command language interpreter, Python in this case, was correctly referenced.