This is the next point release in the 1.5 (Furka) series.
Some highlights of this release:
- New Windows plugins allow inspection of the PFN database. This allows mapping of physical memory back to the owning process and file (if it is mapped from a file).
- Improved scanning framework: most scanners can now operate on specific memory regions, such as process memory, kernel memory, pool memory, etc. This makes scanners much faster because they are more targeted.
Releases are now also available here: http://releases.rekall-forensic.com/
We also make releases available in our own PyPI repository. This allows us to host binary wheels, which removes the need for compilers on Windows and OS X entirely. Visit http://pypi.rekall-forensic.com/ for directions on how to use it.