volatility 2.3.1-7 source package in Ubuntu

Changelog

volatility (2.3.1-7) unstable; urgency=medium


  * debian/control: moved python from Depends to Suggests field in
    volatility-tools binary, to avoid unnecessary installs when
    making a Linux profile only. It is a special case.

 -- Joao Eriberto Mota Filho <email address hidden>  Fri, 31 Jan 2014 07:40:07 -0200

Upload details

Uploaded by: Debian Forensics
Uploaded to: Sid
Original maintainer: Debian Forensics
Architectures: all
Section: misc
Urgency: Medium Urgency

Publishing

Series Pocket Published Component Section
Trusty release universe misc

Builds

Trusty: [FULLYBUILT] i386

Downloads

File Size SHA-256 Checksum
volatility_2.3.1-7.dsc 1.7 KiB 0396c05d24018628d914327649617e00c51672a55ec6171dfc789f6413a876b4
volatility_2.3.1.orig.tar.gz 1.7 MiB bb1411fc671e0bf550a31e534fb1991b2f940f1dce1ebe4ce2fb627aec40726c
volatility_2.3.1-7.debian.tar.xz 10.3 KiB 46d10d3741337a270e57c3e826cbef14cc09c4138aeb5e80133b380d852858cf

Available diffs

No changes file available.

Binary packages built by this source

volatility: advanced memory forensics framework

 The Volatility Framework is a completely open collection of tools for the
 extraction of digital artifacts from volatile memory (RAM) samples. It is
 useful in forensics analysis. The extraction techniques are performed
 completely independent of the system being investigated but offer
 unprecedented visibility into the runtime state of the system.
 .
 Volatility supports memory dumps from all major 32- and 64-bit Windows
 versions and service packs. Whether your memory dump is in raw format, a
 Microsoft crash dump, hibernation file, or virtual machine snapshot,
 Volatility is able to work with it.
 .
 Linux memory dumps in raw or LiME format are supported too. There are several
 plugins for analyzing 32- and 64-bit Linux kernels and distributions such as
 Debian, Ubuntu, OpenSuSE, Fedora, CentOS, and Mandrake.
 .
 Volatility also supports several versions of Mac OSX memory dumps, both 32-
 and 64-bit. Android phones with ARM processors are also supported.
 .
 These are some of the data that can be extracted:
    .
    - Image information (date, time, CPU count).
    - Running processes.
    - Open network sockets and connections.
    - OS kernel modules loaded.
    - Memory maps for each process.
    - Executable samples.
    - Command histories.
    - Passwords, as LM/NTLM hashes and LSA secrets.
    - Others.

volatility-tools: generate profiles for the Volatility Framework

 The Volatility Framework is a completely open collection of tools for the
 extraction of digital artifacts from volatile memory (RAM) samples. It is
 useful in forensics analysis.
 .
 This package provides the code used to generate Linux and Mac profiles for
 Volatility.