Volatility Workbench - A GUI For Volatility Memory Forensics
Volatility Workbench is a graphical user interface (GUI) for the Volatility tool. Volatility is a command-line memory analysis and forensics tool for extracting artifacts from memory dumps. Volatility Workbench is free, open source and runs on Windows.
It provides a number of advantages over the command-line version, including:
- No need to remember command-line parameters.
- Storage of the operating system profile, KDBG address and process list with the memory dump, in a .CFG file. When a memory image is re-loaded, this saves a lot of time and avoids the frustration of not knowing the correct profile to select.
- Simpler copy & paste.
- Simpler printing of paper copies (via right click).
- Simpler saving of the dumped information to a file on disk.
- A drop-down list of available commands and a short description of what each command does.
- Time stamping of the commands executed.
- Auto-loading the first dump file found in the current folder.
- Support for analysing Mac and Linux memory dumps.
Reviewed by Zion3R on 5:47 PM