outdated upstream dependencies

[drzraf]

• volatility is restricted to Python2. volatility3 replaces it but the whole plugin API changed.
• LiME project is archived. (tried on a recent kernel: it just hangs indefinitely). NB: I don't see why a system memory dump is necessary in the first place

Since the project is still very relevant nowadays, could one of this be realistic:

• Updating to volatility3
• Not relying on the volatility framework at all (only iasl) ?

[mdenzel]

Hello! :)

I already realized that volatility2 is deprecated. The API changes kept me from migrating this plugin as I have to rewrite the code entirely.

As for your remarks:

1. LiME is only an example. You can use winpmem or linpmem or any other RAM dumping tool compatible with volatility.
2. I am considering updating to volatility3 - currently busy detecting RAM injections on large scale, so migration will happen rather end of 2024 or 2025.
3. Do you have a suggestion of how to get the ACPI tables without volatility/RAM dumps? (dumping from mainboard is not an option because the mainboard interface is controlled by the attacker when they flash the mainboard, so the attacker could return a clean image)