Skip to content

@scudette scudette released this Sep 10, 2015 · 284 commits to master since this release

This is a bugfix release with few new features:

  • A new live plugin is added that allows Rekall to install kernel drivers by itself.
  • The aff4acquire plugin now uses the live plugin to just acquire the image. Acquisition is now a simple matter of:
rekall aff4acquire myimage.aff4
  • New MacPmem driver for OSX acquisition.
  • Bugfixes around Xen support should make it more reliable now.

As usual the best way to install from source is via pip:

pip install rekall
Assets 6
You can’t perform that action at this time.