VolUtility: volatility web interface

by do son · Published May 29, 2017 · Updated July 30, 2017

The Volatility Framework is fully open collection tools implemented in Python under the GNU General Public License, to extract digital artifacts samples from volatile memory (RAM).

Web interface for nonvolatile memory analysis (Web Interface for Volatility Memory Analysis), VolUtility launches plugins and stores the output data in the mongo database. This framework is a Web interface retrieves files from plugins (that support the dump-dir) and store them in a database, as well as looking at all the plug-ins and content files using the search string and the rules of yara. It allows you to continue to work with multiple images in a single database.

Installation

$ sudo apt-get update && sudo apt-get upgrade

$ sudo apt-get install python-dev python-pip git libimage-exiftool-perl

We need volatility 2.5 or later.

$ cd ~/

$ git clone https://github.com/volatilityfoundation/volatility

$ cd volatility

$ sudo python setup.py install

Mongo & PyMongo

sudo pip install pymongo

sudo pip install django

sudo pip install virustotal-api

git clone https://github.com/kevthehermit/VolUtility

Usage

cd VolUtility



./manage.py runserver 0.0.0.0:8000



Open your browser and go to http://your.ip:8000

Demo

Source: Github

VolUtility: volatility web interface

Search

Brilliantly

Content & Links