Feature/windows clipboard plugin

[IB-Mustafa]

Summary

Adds a prototype for Windows clipboard support to Volatility 3, addressing issue #710.

Volatility 2 included a clipboard plugin, but there is currently no equivalent in Volatility 3. This PR adds the required GUI structures together with an initial plugin implementation.

Changes

New file: volatility3/plugins/windows/clipboard.py

• Enumerates clipboard entries from tagWINDOWSTATION.pClipBase
• Reports clipboard formats and their associated USER handles
• Includes placeholders for future handle resolution

volatility3/framework/symbols/windows/extensions/gui.py

• Added tagCLIP with clipboard format name lookup
• Added tagCLIPDATA with helper methods for reading and decoding clipboard data
• Registered both types in class_types

GUI JSON files (Windows 10)

• Added the missing tagCLIPDATA structure.
• Updated pClipBase in tagWINDOWSTATION to point to tagCLIP instead of a hardcoded array definition.

Current state

This is an initial prototype.

The plugin can enumerate clipboard entries from a WindowStation. However, it does not yet recover the actual clipboard contents because hData is a USER handle rather than a direct pointer. Resolving it requires walking tagSHAREDINFO.aheList, which is left for future work.

Testing

• Tested on a Windows 10 (19045) memory image.
• The plugin loaded and executed successfully without errors.
• Clipboard-related data was independently verified to be present in the memory image.
• As expected, clipboard contents are not yet displayed because USER handle resolution has not been implemented.

Not yet supported

• Clipboard content recovery (requires resolving hData through tagSHAREDINFO.aheList)
• Additional clipboard formats beyond the current prototype