We are writing as the first week of the second installment of the
Month of Volatility Plugins is now posted. Volatility 2.3 is currently
in beta, and the blog posts are focusing on new features in this
version. This week's posts discussed a number of new address spaces we
have added to support new hardware architectures and file formats.
The first one is the MachO address space used to support Mac Memory Reader:
http://volatility-labs.blogspot.com/2013/05/movp-ii-11-mach-o-address-space.html
The second is an address space used to support VirtualBox:
http://volatility-labs.blogspot.com/2013/05/movp-ii-12-virtualbox-elf64-core-dumps.html
The third address space allows for analysis of VMware snapshot files
(.vmss and .vmsn):
http://volatility-labs.blogspot.com/2013/05/movp-ii-13-vmware-snapshot-and-saved.html
The fourth address space supports the hpak format of the HBGary Fast
Dump acquisition tool:
http://volatility-labs.blogspot.com/2013/05/movp-ii-14-new-hpak-address-space.html
The final address space discussed adds support for the ARM
architecture. This is leveraged by Volatility's Android support:
http://volatility-labs.blogspot.com/2013/05/movp-ii-15-arm-address-space-volatility.html
We hope you enjoy the posts, and the second installment of posts will
begin tomorrow and cover a number of new plugins to help analyzing
Windows samples.
If you have any questions or comments please comment on an individual
blog post or email the author.
Thanks,
Andrew (@attrc)
Rabu, 29 Mei 2013
0 Response to "First week of Month of Volatility Plugins II is posted"
Posting Komentar