Source: volatility
Section: utils
Priority: optional
Maintainer: Debian Forensics <forensics-devel@lists.alioth.debian.org>
Uploaders: Joao Eriberto Mota Filho <eriberto@eriberto.pro.br>, Michael Prokop <mika@debian.org>
Build-Depends: debhelper (>= 9), python
X-Python-Version: >= 2.6
Standards-Version: 3.9.4
Homepage: https://code.google.com/p/volatility
Vcs-Git: git://anonscm.debian.org/collab-maint/volatility.git
Vcs-Browser: http://anonscm.debian.org/gitweb/?p=forensics/volatility.git;a=summary

Package: volatility
Architecture: all
Suggests: lime-forensics-dmks, libraw1394-11
Depends: ${misc:Depends}, ${python:Depends}, python-crypto, python-imaging, python-openpyxl
Description: advanced memory forensics framework
 The Volatility Framework is a completely open collection of tools for the
 extraction of digital artifacts from volatile memory (RAM) samples. It is
 useful in forensics analysis. The extraction techniques are performed
 completely independent of the system being investigated but offer
 unprecedented visibility into the runtime state of the system.
 .
 Volatility supports memory dumps from all major 32- and 64-bit Windows
 versions and service packs including XP, 2003 Server, Vista, Server 2008,
 Server 2008 R2, and Seven. Whether your memory dump is in raw format, a
 Microsoft crash dump, hibernation file, or virtual machine snapshot,
 Volatility is able to work with it.
 .
 Linux memory dumps in raw or LiME format are supported too. There are several
 plugins for analyzing 32- and 64-bit Linux kernels and distributions such as
 Debian, Ubuntu, OpenSuSE, Fedora, CentOS, and Mandrake.
 .
 Volatility support several versions of Mac OSX memory dumps from 10.5 to
 10.8.3 Mountain Lion, both 32- and 64-bit. Android phones with ARM processors
 are also supported.
 .
 These are some of the data that can be extracted:
    .
    - Image information (date, time, CPU count).
    - Running processes.
    - Open network sockets and connections.
    - OS kernel modules loaded.
    - Memory maps for each process.
    - Executables samples.
    - Command histories.
    - Passwords, as LM/NTLM hashes and LSA secrets.
    - Others.
