This release introduced support for 32- and 64-bit Linux memory samples, an address space for LiME (the Linux Memory Extractor), and a suite of 14 new plugins to investigate Windows GUI space--including clipboard contents, desktop windows, and screenshots.

 

Released: October 2012

 

• Download the Volatility 2.2 Windows Standalone Executable

• Download the Volatility 2.2 Windows Python Module Installer

• Download the Volatility 2.2 Source Code (zip)

• Download the Volatility 2.2 Source Code (.tar.gz)​

• Download the Integrity Hashes

• View the README

• View the CREDITS

 

Release Highlights

 

• Introduction of Linux support (Intel x86, x64)

  • Kernels: 2.6.11 to 3.5

  • Debian, Ubuntu, OpenSuSE, Fedora, CentOS, Mandriva, and more...

• Approximately 35 new Linux plugins

• New LiME Address Space

• Addition of the win32k suite (14 new plugins and APIs for analyzing windows GUI memory)

• New windows plugins:

  • getservicesids: calculate SIDs of windows services

  • evtlogs: parse XP and 2003 event logs from memory

 

Operating System Support

 

• 32- and 64-bit Windows 7 (all service packs)

• 32- and 64-bit Windows Server 2008 (all service packs)

• 64-bit Windows Server 2008 R2 (all service packs)

• 32- and 64-bit Windows Vista (all service packs)

• 32- and 64-bit Windows Server 2003 (all service packs)

• 32- and 64-bit Windows XP (SP2 and SP3)

• 32- and 64-bit Linux kernels from 2.6.11 to 3.5

 

Memory Format Support

 

• Raw/Padded Physical Memory

• Firewire (IEEE 1394)

• Expert Witness (EWF)

• 32- and 64-bit Windows Crash Dump

• 32- and 64-bit Windows Hibernation