Web interface for the Volatility Memory Forensics Framework https://github.com/volatilityfoundation/volatility
This requires Volatility to be installed as a library, not just an EXE file sitting somewhere. Run these commands at the Python shell:
Download Volatility source zip from https://github.com/volatilityfoundation/volatility
Inside the extracted folder run:
Then install these dependencies:
pip install bottle
pip install yara
pip install distorm3
pip install maxminddb
You may need sudo on the above commands, depending on your OS.
You may need python if it is not in your run path.
-f File containing the RAM dump to analyze
-p Volatility profile to use during analysis (--profile may not work even though it shows as an option)
-d Optional path for output file. Default is beside memory image
-l Restrict web server from serving content outside of the local machine
-r Comma-separated list of plugins to run at the start
!!! WARNING: Avoid writing SQLite to NFS shares. They can lock or become corrupted. If you must, try mounting the share with the 'nolock' option.
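One way to check where the -d output path lives before starting a run, as an added example that is not part of this project's code. It assumes Linux and the /proc/mounts format; the function names and the sample mount table are constructed for illustration.

```python
import os
import posixpath
import re

# Constructed sample in /proc/mounts format: device, mount point, type, options, dump, pass.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
nas:/export/cases /mnt/cases nfs4 rw,relatime,vers=4.2 0 0
nas:/export/scratch /mnt/scratch\\040space nfs rw,nolock,vers=3 0 0
tmpfs /tmp tmpfs rw,nosuid 0 0
"""

def _unescape(field):
    # /proc/mounts encodes spaces and similar characters as octal escapes such as \040.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def find_mount(path, mounts_text):
    """Return (mount_point, fstype, options) for the longest mount point containing path."""
    path = posixpath.normpath(path)
    best = None
    for line in mounts_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip blank or malformed lines
        mnt = posixpath.normpath(_unescape(parts[1]))
        # Compare whole path components so /mnt/casesX does not match /mnt/cases.
        inside = path == mnt or path.startswith(mnt.rstrip("/") + "/")
        if inside and (best is None or len(mnt) > len(best[0])):
            best = (mnt, parts[2], set(parts[3].split(",")))
    return best

def sqlite_target_risk(path, mounts_text):
    """Classify an output directory as 'local', 'nfs-nolock' or 'nfs-locking'."""
    mount = find_mount(path, mounts_text)
    if mount is None or not mount[1].startswith("nfs"):
        return "local"
    return "nfs-nolock" if "nolock" in mount[2] else "nfs-locking"

if __name__ == "__main__":
    import sys
    # Resolve symlinks first so the check applies to the real storage location.
    target = os.path.realpath(sys.argv[1] if len(sys.argv) > 1 else os.getcwd())
    with open("/proc/mounts") as fh:  # Linux only
        print(target, "->", sqlite_target_risk(target, fh.read()))
```

A result of nfs-locking means the database would sit on an NFS share mounted without the 'nolock' option mentioned in the warning above.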
Please send your ideas for features!
v1.0 - Initial release
v1.1 - Threading, Output folder option, removed unused imports
v1.2 - Pre-Scan option to run list of plugins at the start
v1.3 - Added Morph function and sample Morphs. Also fixed multiprocess bug in Windows.
v1.4 - Added Morph config builder and more sample Morphs. Added searchable and sortable table.
v1.5 - Added dynamic memory profile chooser.
v1.6 - Added plugin search and other optimizations.