We get it: Ads are not what you are here for. But ads help us keep the lights on. So, add us to your adblock's whitelist or register for free to remove this notice. Either way, you are supporting our journalism. We'd really appreciate it.
Volatility Workbench is a graphical user interface (GUI) for the Volatility tool. Volatility is a command line memory analysis and forensics tool for extracting artifacts from memory dumps. Volatility Workbench is a free open source tool that provides a graphic user interface for the Volatility memory analysis forensics tool.
It provides a number of advantages over the command line version including:
- No need of remembering command line parameters.
- Storage of the operating system profile, KDBG address and process list with the memory dump, in a .CFG file. When a memory image is re-loaded, this saves a lot of time and avoids the frustration of not knowing the correct profile to select.
- Simpler copy & paste.
- Simpler printing of paper copies (via right click).
- Simpler saving of the dumped information to a file on disk.
- A drop down list of available commands and a short description of what the command does.
- Time stamping of the commands executed.
- Auto-loading the first dump file found in the current folder.
- Support for analysing Mac and Linux memory dumps.
The current version of Volatility Workbench is v2.0: