Rekall

This is a mostly bugfix release.

The release includes:

* Full support for Python 3
* A refactored and improved EFilter which should be more robust and powerful.

You can install this release with pip:


$ virtualenv -p python3 /tmp/MyEnv
Already using interpreter /usr/bin/python3
Using base prefix '/usr'
New python executable in /tmp/MyEnv/bin/python3
Also creating executable in /tmp/MyEnv/bin/python
Installing setuptools, pkg_resources, pip, wheel...done.
$ source /tmp/MyEnv/bin/activate
(MyEnv) $ pip install rekall

This DFRWS 2017 release of Rekall introduces the Rekall Agent - a full featured enterprise grade remote forensic framework. We also launch our new logo and website design. Read the [white paper](http://www.rekall-forensic.com/documentation-1/user-manual).

Watch the [DFRWS 2017 Rekall Workshop](http://dfrws2017.rekall-forensic.com/) page for more information.

The Rekall Agent Server software can be downloaded from [its own repository](https://github.com/rekall-innovations/rekall-agent-server).

You can install this release with pip:

$ virtualenv /tmp/MyEnv
New python executable in /tmp/MyEnv/bin/python
Installing setuptools, pip...done.
$ source /tmp/MyEnv/bin/activate
$ pip install --upgrade setuptools pip wheel
$ pip install --pre rekall

This is the next release of the Rekall Forensic Framework code named [Gotthard](https://www.google.com/search?q=Gotthard+pass&source=lnms&tbm=isch&biw=1280&bih=627). In this release we introduce the Rekall Agent - a new experimental endpoint security agent based on cloud technologies. The agent is described in the [blog post](http://rekall-forensic.blogspot.ch/2016/10/the-rekall-agent-whitepaper.html).

As usual, you can install this version by first creating a virtual env and then installing using pip:


$ virtualenv /tmp/MyEnv
New python executable in /tmp/MyEnv/bin/python
Installing setuptools, pip...done.
$ source /tmp/MyEnv/bin/activate
$ pip install --upgrade setuptools pip wheel
$ pip install rekall-agent rekall

The next point release in this Rekall series is released just in time for our DFRWS workshop. The workshop slides are probably the best reference for all the new features included in this release: http://dfrws2016.rekall-forensic.com/

This is the next point release in the 1.5 (Furka) series.

Some highlights of this release:
- Rekall had obtained many live plugins for Incident Response:
- glob, wmi, registry yara scanning of files etc. This capability makes Rekall a capable tool for incident response and triaging.
- EFilter is now better integrated. Users can simple run SQL queries directly in the console.
- Artifact collector allows Rekall to use the forensic artifacts project (https://github.com/ForensicArtifacts/artifacts)

As always install with pip and virtualenv:


$ virtualenv /path/to/env
$ source /path/to/env/bin/activate
$ pip install --upgrade pip setuptools wheel
$ pip install rekall