This release adds 4 notable features for engineering teams evaluating rollout.
Published 1mo
Forensics & Incident Response
✓ No known CVEs patched
Topics
digital-investigation
forensics
incident-response
malware
memory
python
ram
volatility
volatility-framework
Summary
AI summary: Added sockscan and process_spoofing plugins for Linux, Windows banner support, improved Intel detection for Windows 11, and added Cryptodome fallback.
Full changelog
What's Changed
Some of the improvements made in this release are as follows:
- General:
  - Improve Intel layer's address space scanning by @Abyss-W4tcher
  - Timeliner body format repetitions fixed by @ikelos
  - Better support for UTF-8 on the Windows console by @Androsh7
  - Switch to ruff for formatting as well as linting by @ikelos
- Linux:
  - Handle new bin_attribute format for module sections by @Abyss-W4tcher
  - Enhance VMA enumeration smearing protection by @Abyss-W4tcher
  - Add sockscan plugin by @eve-mem
  - Add process_spoofing plugin by @SolitudePy
- Windows:
  - Add Windows support to banners by @ikelos
  - Improve Windows Intel detection for Windows 11 by @ikelos
  - Support Cryptodome namespace when Crypto is unavailable by @oh2fih
New Contributors
- @Androsh7 made their first contribution in https://github.com/volatilityfoundation/volatility3/pull/1948
- @oh2fih made their first contribution in https://github.com/volatilityfoundation/volatility3/pull/1960
Full Changelog: https://github.com/volatilityfoundation/volatility3/compare/v2.27.0...v2.28.0