Evolve – Web interface for the Volatility Memory Forensics Framework
We are pleased to announce the release of Evolve, a web interface for the Volatility memory forensics framework. This Python-based project was developed by HTCIA member James Habben and is available for free via GitHub. Evolve can be downloaded from – https://github.com/JamesHabben/evolve
What does Evolve do?
- Works with any Volatility module that provides a SQLite render method (some don’t)
- Automatically detects plugins – If volatility sees the plugin, so will eVOLve
- All results stored in a single SQLite db stored beside the RAM dump
- Web interface is fully AJAX using jQuery & JSON to pass requests and responses
- Uses Bottle module in Python to provide a standalone web server
- Option to edit SQL query to provide enhanced data views with data from multiple tables
- Run plugins and view data from any browser – even a tablet!
- Allow multiple people to review results of single RAM dump
Example: python evolve.py -f /path/to/memory.dump -r atoms,pslist,connections,dlllist
Short video demo: https://youtu.be/55G2oGPQHF8
Pre-Scan video: https://youtu.be/mqMuQQowqMI
Short video demo: https://youtu.be/55G2oGPQHF8
Pre-Scan video: https://youtu.be/mqMuQQowqMI
Nhận xét
Đăng nhận xét