ikelos
commented
2 years ago Thanks for your comment. The clipboard plugin I don't know a great deal about, but the notepad plugin doesn't work in more recent versions of windows (even under volatility 2) because it's based on the way that the heap was handled back in windows 7. As such, it's unlikely anyone will invest time in replicating a plugin that won't have use in the future. Figuring out the modern heap handling code is a big task in itself, and there's not a very high priority need for it. I'm also slightly unclear how not having the contents of a notepad document could be "fatal to forensics", I've only ever seen it used in capture the flag challenges? Hyperbole doesn't really help the situation.
Volatility 2 is no longer being developed, and doesn't run on python 3. Python 2 was marked as end of life on 1 Jan 2020.
I've marked this as a plugin-request bug so that volunteers that want additional functionality can look towards adding it, and knowing what plugins have been requested. We're a very small volunteer group and our time commitments are varied, so I can't say when either of these plugins will be written by the core team, but if you'd like to try your hand at writing them we'll be happy to offer support and advice for merging them into the main codebase...
its5Q
Some of the functions of vol2 are not available to me in vol3. e.g.
vol -f xxx notepadorvol -f xxx clipboardEven there is no way to view the history of the command line. This is fatal to forensics. I am currently unable to use vol3 to complete normal forensic actions, can you please make vol3 compatible with vol2 as soon as possible? I do love the fast and modular design of vol3 and I hope vol3 will one day replace vol2 in the future.