Re: [Vol-users] Versions 1.3, 1.4 and 2.0

Hi Jim, So as Darren pointed out, the malware plugins have always been third party, and are not packaged with volatility (although all the dependencies necessary for malware.py from the Malware Analyst's Cookbook are present in the standalone package). The idea is that almost all of the plugins from volatility 1.3 have made their way to 2.0 (which is 1.4, but was renamed just before release because of the magnitude of the changes that went into it). I *believe* it was only raw2dmp and maybe one or at most two others that haven't made it over. Several of them have been combined into a single plugin (so for example, dmp2raw's and hibdump's functionality is now present in the more generic imagecopy, and files, etc are now in the more generic handles plugin), but there should be very little *core* functionality that was present in 1.3 that isn't present in 2.0. Third party plugins would need porting, but the vast majority of the malware plugins are already working with the 2.0 release. We're happy to help developers port their old plugins over from 1.3 to 2.0, and hopefully the process isn't too arduous, and we've created a wiki page[1] to get people started. We also hang around on the #volatility channel on the freenode IRC server, so if people are patient one of us should get back to you and can guide developers through any problems they may have porting their old plugins. I hope that helps clarify the situation? Mike 5:) [1] http://code.google.com/p/volatility/wiki/ConvertingPluginsFromVol13toVol20