
Feat: Migrate windows idt plug-in to volatility 3

Open Ma1icious opened this issue 2 years ago • 3 comments

I moved the volatility2 windows idt plug-in to volatility 3 and it is currently being tested somewhat, although the code is not very elegant. Relevant Issue: #974

Ma1icious avatar Jun 29 '23 08:06 Ma1icious

Thanks very much for your submission!

This is a good first attempt, but there are a couple of minor points and a major shift in the way it operates which I'd strongly recommend. Where you've constructed your own objects (such as KPCR, etc.) please consider instead defining a JSON ISF file, and defining class_types to override the standard struct class for any calculations/convenience methods that the objects should have.

You can find more information at:
https://volatility3.readthedocs.io/en/stable/complex-plugin.html#writing-using-intermediate-symbol-format-files
https://volatility3.readthedocs.io/en/stable/complex-plugin.html#writing-new-templates-and-objects

Or please ask on the slack channel #vol3-dev for help if you need it. :)

Thanks for your reply! I have been busy with my work recently. I will make corrections according to the questions you raised when I am free.

Ma1icious avatar Jul 06 '23 03:07 Ma1icious

@Ma1icious there are a number of outstanding changes and comments made from our reviews. Could you please address them so that we can get the code merged?

ikelos avatar Sep 28 '23 16:09 ikelos

No response from the author so converting this to a draft.

ikelos avatar Feb 01 '24 11:02 ikelos