This repository has been archived by the owner on Oct 18, 2020. It is now read-only.

Release 1.2.1 Col de la Croix

@scudette scudette released this 21 Dec 12:16
· 467 commits to master since this release

This is the next release of the Rekall Memory Forensic framework, codenamed after another awesome Swiss mountain pass, Col de la Croix.

Cool things in this release:

  1. Rekall can now analyse and acquire the Windows pagefile (see the blog post for details).
  2. Rekall has native NTFS support. You can even use it on a live device (try: rekall -f \\.\c:).
  3. Lots of interesting new plugins:
    • ewfacquire - Rekall can now natively create and read EWF files. You can acquire an image of memory directly into an EWF file (note: the files Rekall writes are not compatible with EnCase).
    • inspect_heap - Rekall can enumerate all usermode heap allocations (Win7 x64 only right now).
    • MIPS support, thanks to Karl Vogel.
  4. Lots of work on Entities - currently confined to OS X analysis only, but please try it out!

See our release page for more details.

We also added Travis CI to Rekall and fixed lots of bugs :-)