v2.28.0
New feature
Notable features
- Added sockscan plugin for Linux socket enumeration
- Added process_spoofing plugin for detecting spoofed processes on Linux
- Extended banners support to Windows platforms
Full changelog
What's Changed
Some of the improvements made in this release are as follows:
- General:
  - Improve Intel layer's address space scanning by @Abyss-W4tcher
  - Timeliner body format repetitions fixed by @ikelos
  - Better support for UTF-8 on the Windows console by @Androsh7
  - Switch to ruff for formatting as well as linting by @ikelos
- Linux:
  - Handle new bin_attribute format for module sections by @Abyss-W4tcher
  - Enhance VMA enumeration smearing protection by @Abyss-W4tcher
  - Add sockscan plugin by @eve-mem
  - Add process_spoofing plugin by @SolitudePy
- Windows:
  - Add Windows support to banners by @ikelos
  - Improve Windows Intel detection for Windows 11 by @ikelos
  - Support Cryptodome namespace when Crypto is unavailable by @oh2fih
New Contributors
- @Androsh7 made their first contribution in https://github.com/volatilityfoundation/volatility3/pull/1948
- @oh2fih made their first contribution in https://github.com/volatilityfoundation/volatility3/pull/1960
Full Changelog: https://github.com/volatilityfoundation/volatility3/compare/v2.27.0...v2.28.0