Volatility Framework 2.0 Released

Wow. This, in addition to MANDIANT’s recently released Redline tool, will amount to another devastating blow to HBGary Responder Pro sales and market share. How can you justify the $9000 USD cost for a Responder Pro license plus annual maintenance if one of these free tools works for the platforms you work on?

The following platforms are currently supported:
32bit Windows XP Service Pack 2 and 3
32bit Windows 2003 Server Service Pack 0, 1, 2
32bit Windows Vista Service Pack 0, 1, 2
32bit Windows 2008 Server Service Pack 1, 2 (there is no SP0)
32bit Windows 7 Service Pack 0, 1


email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Twitter: twitter.com/patchmanagement


6 Responses to “Volatility Framework 2.0 Released”

  1. Anonymous said:

    Aug 06, 11 at 1:00 pm

    True. How can you justify 60,000 for a corvette when you can build a boxcar out of plywood in your garage for free?

    Same basic idea.

  2. Tim S said:

    Aug 06, 11 at 6:06 pm

    While I’ve historically been a huge fan of Volatility & Mandiants free tools, I just cant help but point out the elephant in the room. Where is the 64-bit support? All the large hardware manufacturers don’t even sell 32-bit hardware anymore and virtually all new machines have been shipping with 64-bit operating systems since last year.

    Am I missing something?

  3. Greg Hoglund said:

    Aug 09, 11 at 2:51 am


    Devastating blow? You may not know that HBGary released a free version of Responder at the CEIC conference earlier this year. We support the community and have made the CE version available for training as well. You should also know that the free version of Responder supports:

    32bit Windows ALL VERSIONS, ALL SERVICE PACKS (excluding NT4.0)

    Responder CE also supports scripting and comes with the source code to a command-line version that you can customize at will. I hope this helps.

    -Greg Hoglund

  4. Me said:

    Aug 16, 11 at 6:46 am

    Digital DNA is what makes it slick. I’m less of a fan of RP than I am of Active Defense. Try running Violatility on 100s of systems at once…

  5. B said:

    Sep 19, 11 at 12:26 am

    Can volatility perform analysis of a live system without doing a complete memory dump first? If you’re going to use it in the enterprise to look for indicators of compromise, I think it would be useful to be able to sample live memory instead of trying to manage 2gb+ dumps from hundreds or thousands of systems.

  6. David Sharpe said:

    Sep 19, 11 at 8:33 am

    Volatility can’t, but I hear Voltage (used within Terremark) from the same original Volatility developer can.

Leave a Reply