Package: wnpp
Severity: wishlist
Owner: Joao Eriberto Mota Filho <eribe...@eriberto.pro.br>

* Package name    : volatility
  Version         : 2.3
  Upstream Author : Volatility Foundation <volatil...@volatilityfoundation.org>
* URL             : https://code.google.com/p/volatility
* License         : GPL2
  Programming Lang: Python
  Description     : advanced memory forensics framework

 The Volatility Framework is a completely open collection of tools for the
 extraction of digital artifacts from volatile memory (RAM) samples. It is
 useful in forensic analysis. The extraction techniques are performed
 completely independently of the system being investigated, but offer
 unprecedented visibility into the runtime state of the system.
 .
 Volatility supports memory dumps from all major 32- and 64-bit Windows
 versions and service packs, including XP, 2003 Server, Vista, Server 2008,
 Server 2008 R2, and Seven. Whether your memory dump is in raw format, a
 Microsoft crash dump, a hibernation file, or a virtual machine snapshot,
 Volatility is able to work with it.
 .
 Linux memory dumps in raw or LiME format are supported too. There are
 several plugins for analyzing 32- and 64-bit Linux kernels and
 distributions such as Debian, Ubuntu, OpenSuSE, Fedora, CentOS, and
 Mandrake.
 .
 Volatility supports 38 versions of Mac OS X memory dumps, from 10.5 to
 10.8.3 Mountain Lion, both 32- and 64-bit. Android phones with ARM
 processors are also supported.
 .
 These are some of the data that can be extracted:
 .
  - Image information (date, time, CPU count).
  - Running processes.
  - Open network sockets and connections.
  - OS kernel modules loaded.
  - Memory maps for each process.
  - Executable samples.
  - Command histories.
  - Passwords, such as LM/NTLM hashes and LSA secrets.
  - Others.

Archive: http://lists.debian.org/20131029222129.4808.99268.report...@canopus.eriberto.pro.br