Summary
Volatility is the world's most widely used framework for extracting digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independently of the system being investigated but offer visibility into the runtime state of the system.
Versions
v2.4.0-r1 :: 0 :: gentoo
- Modified
- License
- GPL-2+
- Keywords
- ~amd64 ~x86
- USE flags
- crypt disasm jsonschema leechcore snappy test yara
v2.0.1 :: 0 :: gentoo
- Modified
- License
- GPL-2+
- Keywords
- amd64 x86
- USE flags
- crypt disasm jsonschema leechcore snappy yara
USE flags
General
- crypt
- support plugins that decrypt passwords, password hashes, etc.
- disasm
- support plugins that perform malware analysis and disassemble code
- jsonschema
- improve error messages regarding improperly configured ISF files
- leechcore
- support memory acquisition via leechcore
- snappy
- support AVML's native compression format
- test
- Enable dependencies and/or preparations necessary to run tests (usually controlled by FEATURES=test but can be toggled independently)
- yara
- support YARA pattern matching engine
python_targets
- python3_10
- Build with Python 3.10
- python3_11
- Build with Python 3.11
- python3_9
- Build with Python 3.9
Dependencies
dev-libs / capstone : disassembly/disassembler framework + bindings
dev-python / jsonschema : An implementation of JSON-Schema validation for Python
dev-python / leechcorepyc : Python binding for LeechCore Physical Memory Acquisition Library
dev-python / pefile : Module to read and work with Portable Executable (PE) files
dev-python / pycryptodome : A self-contained cryptographic library for Python
dev-python / python-snappy : Python library for the snappy compression library from Google
dev-python / yara-python : Python interface for a malware identification and classification tool
Runtime Dependencies
dev-lang / python : An interpreted, interactive, object-oriented programming language
dev-libs / capstone : disassembly/disassembler framework + bindings
dev-python / jsonschema : An implementation of JSON-Schema validation for Python
dev-python / leechcorepyc : Python binding for LeechCore Physical Memory Acquisition Library
dev-python / pefile : Module to read and work with Portable Executable (PE) files
dev-python / pycryptodome : A self-contained cryptographic library for Python
dev-python / python-snappy : Python library for the snappy compression library from Google
dev-python / yara-python : Python interface for a malware identification and classification tool
Bugs
- 892663
- app-forensics/volatility3-2.4.0-r1: stabilization
Change logs
- Repository mirror & CI · gentoo
Merge updates from master
- Mario Haustein · gentoo
app-forensics/volatility3: enable py3.11
Closes: https://bugs.gentoo.org/896544
Signed-off-by: Mario Haustein <mario.haustein@hrz.tu-chemnitz.de>
Closes: https://github.com/gentoo/gentoo/pull/29797
Signed-off-by: Sam James <sam@gentoo.org>
- Repository mirror & CI · gentoo
Merge updates from master
- Michał Górny · gentoo
Rename dev-python/{snappy → python-snappy}
Signed-off-by: Michał Górny <mgorny@gentoo.org>
- Repository mirror & CI · gentoo
Merge updates from master
- David Seifert · gentoo
*/*: remove py3.8 from PYTHON_COMPAT
Signed-off-by: David Seifert <soap@gentoo.org>
- Repository mirror & CI · gentoo
Merge updates from master
- Sam James · gentoo
app-forensics/volatility3: use canonical function definition style
Signed-off-by: Sam James <sam@gentoo.org>
- Mario Haustein · gentoo
app-forensics/volatility3: enable tests
Signed-off-by: Mario Haustein <mario.haustein@hrz.tu-chemnitz.de>
Closes: https://github.com/gentoo/gentoo/pull/28684
Signed-off-by: Sam James <sam@gentoo.org>
- Mario Haustein · gentoo
app-forensics/volatility3: don't install test files
Closes: https://bugs.gentoo.org/886031
Signed-off-by: Mario Haustein <mario.haustein@hrz.tu-chemnitz.de>
Signed-off-by: Sam James <sam@gentoo.org>
- Repository mirror & CI · gentoo
Merge updates from master
- Mario Haustein · gentoo
app-forensics/volatility3: add 2.4.0
Signed-off-by: Mario Haustein <mario.haustein@hrz.tu-chemnitz.de>
Closes: https://github.com/gentoo/gentoo/pull/28665
Signed-off-by: Sam James <sam@gentoo.org>
- Repository mirror & CI · gentoo
Merge updates from master
- Sam James · gentoo
app-forensics/volatility3: Stabilize 2.0.1 x86, #863479
Signed-off-by: Sam James <sam@gentoo.org>
- Sam James · gentoo
app-forensics/volatility3: Stabilize 2.0.1 amd64, #863479
Signed-off-by: Sam James <sam@gentoo.org>
- Repository mirror & CI · gentoo
Merge updates from master
- Sam James · gentoo
app-forensics/volatility3: use PEP517
Signed-off-by: Sam James <sam@gentoo.org>
- Mario Haustein · gentoo
app-forensics/volatility3: version bump 2.0.1
Package-Manager: Portage-3.0.30, Repoman-3.0.3
Signed-off-by: Mario Haustein <mario.haustein@hrz.tu-chemnitz.de>
Closes: https://github.com/gentoo/gentoo/pull/24002
Signed-off-by: Sam James <sam@gentoo.org>
- Mario Haustein · gentoo
app-forensics/volatility3: new ebuild
Package-Manager: Portage-3.0.28, Repoman-3.0.3
Signed-off-by: Mario Haustein <mario.haustein@hrz.tu-chemnitz.de>
Signed-off-by: Sam James <sam@gentoo.org>