The following are release announcements for Rekall. Please download these directly from GitHub.

Release 1.7.1

posted Nov 5, 2017, 11:57 PM by Mike Cohen

The release includes:

  • Full support for Python 3
  • A refactored and improved EFilter which should be more robust and powerful.

You can install this release with pip:

$ virtualenv -p python3 /tmp/MyEnv
Already using interpreter /usr/bin/python3
Using base prefix '/usr'
New python executable in /tmp/MyEnv/bin/python3
Also creating executable in /tmp/MyEnv/bin/python
Installing setuptools, pkg_resources, pip, wheel...done.
$ source /tmp/MyEnv/bin/activate
(MyEnv) $ pip install rekall

Release 1.7.0RC1 Hurricane Ridge

posted Aug 7, 2017, 11:25 PM by Mike Cohen

This DFRWS 2017 release of Rekall introduces the Rekall Agent - a full-featured, enterprise-grade remote forensic framework. We also launch our new logo and website design. Read the white paper.

Watch the DFRWS 2017 Rekall Workshop page for more information.

The Rekall Agent Server software can be downloaded from its own repository.

Release 1.6.0 Gotthard

posted Jul 31, 2017, 4:42 AM by Mike Cohen   [ updated Jul 31, 2017, 4:43 AM ]

This is the next release of the Rekall Forensic Framework, code-named Gotthard. In this release we introduce the Rekall Agent - a new experimental endpoint security agent based on cloud technologies. The agent is described in the blog post.

As usual, you can install this version by first creating a virtual env and then installing using pip:

$ virtualenv  /tmp/MyEnv
New python executable in /tmp/MyEnv/bin/python
Installing setuptools, pip...done.
$ source /tmp/MyEnv/bin/activate
$ pip install --upgrade setuptools pip wheel
$ pip install rekall-agent rekall

Version 1.5 - Code name Furka

posted Jul 31, 2017, 4:38 AM by Mike Cohen   [ updated Jul 31, 2017, 4:38 AM ]

This is the next point release in the 1.5 (Furka) series.

Some highlights of this release:

  • Rekall has obtained many live plugins for incident response: glob, wmi, registry, yara scanning of files, etc. This capability makes Rekall a capable tool for incident response and triaging.

  • EFilter is now better integrated. Users can simply run SQL queries directly in the console.

  • Artifact collector allows Rekall to use the forensic artifacts project (

As always install with pip and virtualenv:

$ virtualenv /path/to/env
$ source /path/to/env/bin/activate
$ pip install --upgrade pip setuptools wheel
$ pip install rekall
