Posts

Showing posts from November 2016

Evolve – Web interface for the Volatility Memory Forensics Framework

We are pleased to announce the release of Evolve, a web interface for the Volatility memory forensics framework. This Python-based project was developed by HTCIA member James Habben and is available for free via GitHub.

Evolve can be downloaded from https://github.com/JamesHabben/evolve

What does Evolve do?

- Works with any Volatility module that provides a SQLite render method (some don’t)
- Automatically detects plugins – if Volatility sees the plugin, so will eVOLve
- All results are stored in a single SQLite db beside the RAM dump
- Web interface is fully AJAX, using jQuery & JSON to pass requests and responses
- Uses the Bottle module in Python to provide a standalone web server
- Option to edit the SQL query to provide enhanced data views with data from multiple tables
- Run plugins and view data from any browser – even a tablet!
- Allows multiple people to review the results of a single RAM dump

Example:

    python evolve.py -f /path/to/memory.dump -r atoms,pslist,connections,dlllist
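A multi-table view of the kind the SQL-editing option allows, as an added example that is not part of Evolve or the original post: it joins connections output to pslist output and flags connections whose owning PID has no process entry. The table names, column names and sample rows are constructed assumptions, not Evolve's actual schema.

```python
import sqlite3

# Constructed sample rows standing in for stored plugin output.
# Table and column names are assumptions, not Evolve's real schema.
PSLIST = [
    (4, "System", 0),
    (512, "svchost.exe", 468),
    (1880, "iexplore.exe", 1432),
]
CONNECTIONS = [
    (512, "10.0.0.5:1049", "10.0.0.1:445"),
    (1880, "10.0.0.5:1061", "203.0.113.7:80"),
    (2044, "10.0.0.5:1077", "198.51.100.23:443"),  # PID absent from pslist
]

# LEFT JOIN keeps every connection, even when no process row matches its PID.
JOIN_SQL = """
SELECT c.pid, p.name, c.local_address, c.remote_address
FROM connections AS c
LEFT JOIN pslist AS p ON p.pid = c.pid
ORDER BY c.pid
"""


def build_sample_db():
    """Create an in-memory database holding the constructed sample tables."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pslist (pid INTEGER, name TEXT, ppid INTEGER)")
    db.execute(
        "CREATE TABLE connections "
        "(pid INTEGER, local_address TEXT, remote_address TEXT)"
    )
    db.executemany("INSERT INTO pslist VALUES (?, ?, ?)", PSLIST)
    db.executemany("INSERT INTO connections VALUES (?, ?, ?)", CONNECTIONS)
    return db


def connections_with_process(db):
    """Return each connection with the owning process name (None if unknown)."""
    return db.execute(JOIN_SQL).fetchall()


def orphaned_connections(db):
    """Return connections whose PID has no pslist entry, worth a closer look."""
    return [row for row in connections_with_process(db) if row[1] is None]


if __name__ == "__main__":
    for row in connections_with_process(build_sample_db()):
        print(row)
```

A connection with no matching process row can indicate an exited or unlinked process, so those rows are a natural starting point for review.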