Introduction
Volatility Workbench is a GUI (Graphical User Interface) for the Volatility Memory Forensics Framework. As we know, Volatility is an open source memory forensics framework, a completely open collection of tools for incident response and malware analysis.
Volatility Workbench: GUI For Volatility Memory Forensics Framework
Volatility Workbench reads and writes a .CFG configuration file. This file contains metadata about the memory dump file. From version 2, Volatility Workbench has support for Mac and Linux memory dumps, which you can choose from the Profiles folder.
Features:
- There is no need to remember command line parameters.
- Storage of the operating system profile, KDBG address and process list with the memory dump, in a .CFG file. When a memory image is re-loaded, this saves a lot of time and avoids the frustration of not knowing the correct profile to select.
- Simpler copy/paste and printing of paper copies (via right click).
- Saving the dumped information to a file on disk is also simpler.
- A drop-down list of available commands and a short description of what the command does.
- Time stamping of the commands executed.
- Auto-loading the first dump file found in the current folder.
- Support for analysing Mac and Linux memory dumps (stored in the Profiles folder).
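To show why storing the profile and KDBG address with the dump saves time, here is an added example (not Volatility Workbench's own code) that reads a small config and turns it into the Volatility 2 command line the GUI spares you from typing. The INI-style layout of the config, the section and key names, and the sample values are all assumptions; the real .CFG format is not documented on this page.

```python
import configparser
import shlex

# Constructed sample in an assumed INI-style layout. The real Volatility
# Workbench .CFG layout is not documented here, so this is a stand-in.
SAMPLE_CFG = """
[memory]
dump = C:\\cases\\host01\\memory.dmp
profile = Win7SP1x64
kdbg = 0xf80002c0f0a0
"""


def load_cfg(text: str) -> dict:
    """Parse the config text and validate the fields Volatility needs."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    sec = cp["memory"]
    profile = sec["profile"].strip()
    kdbg = sec.get("kdbg", "").strip()
    if not profile:
        raise ValueError("profile is required")
    if kdbg:
        int(kdbg, 16)  # raises ValueError if the KDBG is not a hex address
    return {"dump": sec["dump"].strip(), "profile": profile, "kdbg": kdbg or None}


def build_vol_cmd(cfg: dict, plugin: str) -> list:
    """Build a Volatility 2 argv.

    --profile skips profile guessing and --kdbg skips the kdbgscan pass,
    which is exactly what re-using the stored metadata buys on reload.
    """
    argv = ["vol.py", "-f", cfg["dump"], "--profile=" + cfg["profile"]]
    if cfg["kdbg"]:
        argv.append("--kdbg=" + cfg["kdbg"])
    argv.append(plugin)
    return argv


if __name__ == "__main__":
    cfg = load_cfg(SAMPLE_CFG)
    print(shlex.join(build_vol_cmd(cfg, "pslist")))
```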
Requirements:
- Windows 7/10
- Fast CPU and SSD (preferable)
Volatility Workbench Install
- Download and unzip the file.
- Double click on VolatilityWorkbench.exe.
For full instructions on how to analyse Mac and Linux dumps, check out the profile-list.txt file in the Profiles folder. You can use the OSForensics tool for collection from a live machine. It will significantly speed up the process in Volatility, since it writes a conf file along with the dump file. There is also a complete tutorial on how to use OSForensics with the Volatility Workbench GUI (click on the “tutorials” button below).