Volatility Workbench is a graphical user interface (GUI) for the Volatility tool. Volatility is a command line memory analysis and forensics tool for extracting artifacts from memory dumps. Volatility Workbench is a free open source tool that provides a graphic user interface for the Volatility memory analysis forensics tool.
It provides a number of advantages over the command line version including:
- No need of remembering command line parameters.
- Storage of the operating system profile, KDBG address and process list with the memory dump, in a .CFG file. When a memory image is re-loaded, this saves a lot of time and avoids the frustration of not knowing the correct profile to select.
- Simpler copy & paste.
- Simpler printing of paper copies (via right click).
- Simpler saving of the dumped information to a file on disk.
- A drop down list of available commands and a short description of what the command does.
- Time stamping of the commands executed.
- Auto-loading the first dump file found in the current folder.
- Support for analysing Mac and Linux memory dumps.
The current version of Volatility Workbench is v2.0:
Success! An email was just sent to confirm your subscription.