VolUtility

Free

VolUtility is a web interface for the Volatility Memory Analysis framework. It runs plugins, stores their output in a MongoDB database, extracts files, enables search across plugins and file content, and supports working on multiple images in one database. The project also offers a video demo of its features, and its wiki has detailed installation and usage instructions.

ALTERNATIVES

A comprehensive incident response tool for Windows computers, providing advanced memory forensics and access to locked systems.

A library to access and read QEMU Copy-On-Write (QCOW) image file formats with support for zlib compression and AES-CBC encryption.

Forensic imaging program with full hash authentication and various acquisition options.

A library to access and parse Windows XML Event Log (EVTX) format, useful for digital forensics and incident response.

A simple Golang application for storing NIST National Software Reference Library Reference Data Set (NSRL RDS) with md5 and sha1 hash lookup searches.

Educational CTF-styled challenges for Memory Forensics.

Open source Python library for NTFS analysis.

A library to access and parse OLE 2 Compound File (OLECF) format files.