Missing notepad and clipboard plugins from volatility 2 #710
Comments
ikelos
changed the title
|
Thanks for your comment. The clipboard plugin I don't know a great deal about, but the Volatility 2 is no longer being developed, and doesn't run on python 3. Python 2 was marked as end of life on 1 Jan 2020. I've marked this as a plugin-request bug so that volunteers that want additional functionality can look towards adding it, and knowing what plugins have been requested. We're a very small volunteer group and our time commitments are varied, so I can't say when either of these plugins will be written by the core team, but if you'd like to try your hand at writing them we'll be happy to offer support and advice for merging them into the main codebase... |
|
I've been bored lately, delving deeper in memory forensics, and decided to make a notepad plugin for volatility3 myself. It doesn't parse any heap structures or anything fancy like that, it uses a pretty simple memory pattern to look for the displayed text in VADs and a huge charset to filter garbage, It can rarely produce false-positives, but it's better than nothing :) @ikelos, should I make a PR? |
|
Yes please! We're always happy to review contributions! I can't say whether it'll get included, but at least if there's a PR people may find it. If you could put it in the |
Thanks, will do in a little bit |
Some of the functions of vol2 are not available to me in vol3.
e.g.
vol -f xxx notepadorvol -f xxx clipboardEven there is no way to view the history of the command line.
This is fatal to forensics.
I am currently unable to use vol3 to complete normal forensic actions, can you please make vol3 compatible with vol2 as soon as possible?
I do love the fast and modular design of vol3 and I hope vol3 will one day replace vol2 in the future.
The text was updated successfully, but these errors were encountered: