volatilityfoundation
diff --git a/‎.github/workflows/black.yml‎
Lines changed: 2 additions & 0 deletions b/‎.github/workflows/black.yml‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎.style.yapf‎
Lines changed: 0 additions & 261 deletions b/‎.style.yapf‎
Lines changed: 0 additions & 261 deletions
diff --git a/‎doc/source/getting-started-linux-tutorial.rst‎
Lines changed: 1 addition & 0 deletions b/‎doc/source/getting-started-linux-tutorial.rst‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎test/test_volatility.py‎
Lines changed: 11 additions & 0 deletions b/‎test/test_volatility.py‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎volatility3/cli/__init__.py‎
Lines changed: 25 additions & 1 deletion b/‎volatility3/cli/__init__.py‎
Lines changed: 25 additions & 1 deletion
diff --git a/‎volatility3/cli/text_filter.py‎
Lines changed: 2 additions & 2 deletions b/‎volatility3/cli/text_filter.py‎
Lines changed: 2 additions & 2 deletions
@@ -11,3 +11,5 @@ jobs:
         with:
           options: "--check --diff --verbose"
           src: "./volatility3"
+          # FIXME: Remove when Volatility3 minimum Python version is >3.8
+          version: "24.8.0"
@@ -11,6 +11,7 @@ Volatility3 does not provide the ability to acquire memory.  Below are some exam
 * `AVML - Acquire Volatile Memory for Linux <https://github.com/microsoft/avml>`_
 * `LiME - Linux Memory Extract <https://github.com/504ensicsLabs/LiME>`_
 
+Be aware that LiME raw format is not supported by volatility3, the padded or lime option should be used instead. `This issue contains further information <https://github.com/504ensicsLabs/LiME/issues/111>`_.
 
 Procedure to create symbol tables for linux
 --------------------------------------------
 
@@ -341,6 +341,17 @@ def test_linux_tty_check(image, volatility, python):
     assert out.count(b"\n") >= 5
     assert rc == 0
 
+def test_linux_sockstat(image, volatility, python):
+    rc, out, err = runvol_plugin("linux.sockstat.Sockstat", image, volatility, python)
+
+    assert out.count(b"AF_UNIX") >= 354
+    assert out.count(b"AF_BLUETOOTH") >= 5
+    assert out.count(b"AF_INET") >= 32
+    assert out.count(b"AF_INET6") >= 20
+    assert out.count(b"AF_PACKET") >= 1
+    assert out.count(b"AF_NETLINK") >= 43
+    assert rc == 0
+
 
 def test_linux_library_list(image, volatility, python):
     rc, out, err = runvol_plugin(
 
@@ -235,18 +235,35 @@ def run(self):
             default=constants.CACHE_PATH,
             type=str,
         )
-        parser.add_argument(
+        isf_group = parser.add_mutually_exclusive_group()
+        isf_group.add_argument(
             "--offline",
             help="Do not search online for additional JSON files",
             default=False,
             action="store_true",
         )
+        isf_group.add_argument(
+            "-u",
+            "--remote-isf-url",
+            metavar="URL",
+            help="Search online for ISF json files",
+            default=constants.REMOTE_ISF_URL,
+            type=str,
+        )
         parser.add_argument(
             "--filters",
             help="List of filters to apply to the output (in the form of [+-]columname,pattern[!])",
             default=[],
             action="append",
         )
+        parser.add_argument(
+            "--hide-columns",
+            help="Case-insensitive space separated list of prefixes to determine which columns to hide in the output if provided",
+            default=None,
+            action="extend",
+            nargs="*",
+            type=str,
+        )
 
         parser.set_defaults(**default_config)
 
@@ -313,6 +330,8 @@ def run(self):
 
         if partial_args.offline:
             constants.OFFLINE = partial_args.offline
+        elif partial_args.remote_isf_url:
+            constants.REMOTE_ISF_URL = partial_args.remote_isf_url
 
         # Do the initialization
         ctx = contexts.Context()  # Construct a blank context
@@ -477,6 +496,7 @@ def run(self):
                 grid = constructed.run()
                 renderer = renderers[args.renderer]()
                 renderer.filter = text_filter.CLIFilter(grid, args.filters)
+                renderer.column_hide_list = args.hide_columns
                 renderer.render(grid)
         except exceptions.VolatilityException as excp:
             self.process_exceptions(excp)
@@ -604,6 +624,10 @@ def process_exceptions(self, excp):
             caused_by = [
                 "A required python module is not installed (install the module and re-run)"
             ]
+        elif isinstance(excp, exceptions.RenderException):
+            general = "Volatility experienced an issue when rendering the output:"
+            detail = f"{excp}"
+            caused_by = ["An invalid renderer option, such as no visible columns"]
         else:
             general = "Volatility encountered an unexpected situation."
             detail = ""
 
@@ -53,7 +53,7 @@ def filter(
         """Filters the row based on each of the column_filters"""
         if not self._filters:
             return False
-        found = any([column_filter.found(row) for column_filter in self._filters])
+        found = any(column_filter.found(row) for column_filter in self._filters)
         return not found
 
 
@@ -86,7 +86,7 @@ def found(self, row: List[Any]) -> bool:
         otherwise it is filtered.
         """
         if self.column_num is None:
-            found = any([self.find(x) for x in row])
+            found = any(self.find(x) for x in row)
         else:
             found = self.find(row[self.column_num])
         if self.exclude: