If you would like to practice memory forensics using Volatility but you don't like command-line tools and you hate to remember plugin names, then VolUtility is your friend.
VolUtility[1] is a web front end for the Volatility framework.
Installation
In this diary, I will install VolUtility on a Linux SIFT[2] workstation.
- Update your SIFT workstation and install Django:
$ sudo apt-get update
- Install MongoDB:
In this diary I am not going to discuss how to install MongoDB; for further details about
- Install Volatility:
$ git clone https://github.com/volatilityfoundation/volatility
$ cd volatility
$ sudo python setup.py install
- Install VolUtility:
$ git clone https://github.com/kevthehermit/VolUtility
Configuration
In this diary I am going to use the default config file, volutility.conf.sample. Then start the VolUtility web server:
$ ./manage.py runserver 0.0.0.0:8000
Enter a name for the session and the location of the memory image. For the profile you can either specify it or choose autodetect, then click on the Submit button.
You have to wait a few minutes until it finishes processing the image; once it has finished, the status will change to Complete.
To examine the image, click on the session name; in this diary it is SANS ISC.
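The profile field above accepts either an explicit Volatility profile or "autodetect". The snippet below is an added example, not VolUtility's own code: it shows how such an autodetect choice can be resolved by running Volatility 2's imageinfo plugin and parsing its "Suggested Profile(s)" line. The imageinfo output embedded in it is a constructed sample, and run_imageinfo assumes vol.py is on the PATH.

```python
"""Resolve the profile for a new memory-analysis session.

Added example (not VolUtility's or Volatility's own code). A named profile is
used as given; "autodetect" is resolved from Volatility 2's imageinfo output.
"""
import re
import subprocess

# Constructed sample of what `vol.py -f <image> imageinfo` prints; the image
# path and DTB are made up for this example.
SAMPLE_IMAGEINFO = """\
Volatility Foundation Volatility Framework 2.6
INFO    : volatility.debug    : Determining profile based on KDBG search...
          Suggested Profile(s) : Win7SP1x64, Win7SP0x64, Win2008R2SP0x64, Win2008R2SP1x64_23418
                     AS Layer1 : WindowsAMD64PagedMemory (Kernel AS)
                     AS Layer2 : FileAddressSpace (/cases/example.raw)
                      PAE type : No PAE
                           DTB : 0x187000L
"""

# imageinfo prints one "Suggested Profile(s) : a, b, c" line; `.` stops at the
# newline, so only that line's value is captured.
SUGGESTED_RE = re.compile(r"Suggested Profile\(s\)\s*:\s*(.+)")


def parse_suggested_profiles(imageinfo_output):
    """Return the profiles imageinfo suggests, in the order it lists them."""
    match = SUGGESTED_RE.search(imageinfo_output)
    if not match:
        return []
    raw = match.group(1).strip()
    # Volatility prints "No suggestion (Instantiated with no profile)" when
    # the KDBG search finds nothing usable.
    if raw.lower().startswith("no suggestion"):
        return []
    return [p.strip() for p in raw.split(",") if p.strip()]


def run_imageinfo(image_path, vol_cmd="vol.py"):
    """Run Volatility 2's imageinfo plugin on an image and return its stdout.

    Assumes `vol_cmd` (vol.py by default) is on the PATH; not exercised by the
    offline sample below.
    """
    proc = subprocess.run([vol_cmd, "-f", image_path, "imageinfo"],
                          capture_output=True, text=True, check=True)
    return proc.stdout


def choose_profile(requested, imageinfo_output):
    """Resolve the session's profile field.

    Anything other than "autodetect" is taken verbatim. For "autodetect" the
    first profile imageinfo suggests is used; if it suggests none, raise so
    the session is not created with a guessed profile.
    """
    requested = requested.strip()
    if requested.lower() != "autodetect":
        return requested
    suggestions = parse_suggested_profiles(imageinfo_output)
    if not suggestions:
        raise ValueError("imageinfo suggested no profile; specify one explicitly")
    return suggestions[0]


if __name__ == "__main__":
    print("autodetect ->", choose_profile("autodetect", SAMPLE_IMAGEINFO))
    print("explicit   ->", choose_profile("Win7SP1x86", SAMPLE_IMAGEINFO))
```

In practice the first suggestion is usually right, but imageinfo can list several close variants (service-pack or build-number differences), so it is worth confirming the chosen profile with a quick plugin such as pslist before a long-running analysis.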
Now let
And you can of course filter your results using tools such as MS Excel.
_______________________________________________________
[1] https://github.com/kevthehermit/VolUtility/wiki
[2] https://digital-forensics.sans.org/community/downloads
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.