Version 1.5 - Code name Furka

posted Jul 31, 2017, 4:38 AM by Michael Cohen   [ updated Jul 31, 2017, 4:38 AM ]

This is the next point release in the 1.5 (Furka) series.

Some highlights of this release:

  • Rekall has gained many live plugins for Incident Response: glob, wmi, registry, and yara scanning of files, etc. This capability makes Rekall a capable tool for incident response and triage.

  • EFilter is now better integrated. Users can simply run SQL queries directly in the console.

  • The artifact collector allows Rekall to use the forensic artifacts project (https://github.com/ForensicArtifacts/artifacts).

As always, install with pip and virtualenv:

$ virtualenv /path/to/env
$ source /path/to/env/bin/activate
$ pip install --upgrade pip setuptools wheel
$ pip install rekall