Volatility 3

Forensics & Incident Response

A Python‑based framework for extracting digital artifacts from volatile memory (RAM) samples

Track releases GitHub Website

Python Latest v2.28.0 · 1mo ago Security brief →

Features

Extracts runtime state and forensic data from RAM dumps
Supports Windows, macOS, and Linux symbol tables
Provides a plugin architecture for custom analysis workflows

Recent releases

View all 2 releases →

v2.28.0 New feature 1mo

Notable features

Added sockscan plugin for Linux socket enumeration
Added process_spoofing plugin for detecting spoofed processes on Linux
Extended banners support to Windows platforms

Full changelog

What's Changed

Some of the improvements made in this release are as follows:

General:
- Improve Intel layer's address space scanning by @Abyss-W4tcher
- Timeliner body format repetitions fixed by @ikelos
- Better support for utf-8 on the windows console by @Androsh7
- Switch to ruff for formatting as well as linting by @ikelos
Linux:
- Handle new bin_attribute format for module sections by @Abyss-W4tcher
- Enhance VMA enumeration smearing protection by @Abyss-W4tcher
- Add sockscan plugin by @eve-mem
- Add process_spoofing plugin by @SolitudePy
Windows:
- Add windows support to banners by @ikelos
- Improve windows intel detection for Windows 11 by @ikelos
- Support Cryptodome namespace when Crypto is unavailable by @oh2fih

New Contributors

@Androsh7 made their first contribution in https://github.com/volatilityfoundation/volatility3/pull/1948
@oh2fih made their first contribution in https://github.com/volatilityfoundation/volatility3/pull/1960

Full Changelog: https://github.com/volatilityfoundation/volatility3/compare/v2.27.0...v2.28.0

View release on GitHub

v2.27.0 New feature 4mo

Notable features

pebmasquerade plugin
Arrow/Parquet renderer
Improved Linux plugins

View release on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Releases

View all →

Releases per month

Cadence 0.1 / wk

Last release 34d

Tracked 2

Security

Full profile →

Security score 7.5/10

OpenSSF 4.3/10

Open CVEs 0

SBOM Active maintainer

Community

GitHub stars 4,144

Forks 653

Open issues 129

Open PRs 67

Stars/wk velocity 0.0

About

Stars

4,144

Forks

653

Languages

Python Shell

View on GitHub Homepage Documentation

Install & Platforms

Install via

pip

Platforms

linux macos windows

Community & Support

Slack