Volatility Workbench is a graphical user interface (GUI) for the Volatility tool. Volatility is a command line memory analysis and forensics tool for extracting artifacts from memory dumps. Volatility Workbench is free, open source and runs in Windows. It provides a number of advantages over the command line version including,
The current version of Volatility Workbench is v3.0-beta.1Click to download the Volatility Workbench V3.0-beta.1 (27 MB)
Collection of Additional Profiles for v2.1
Note: Select and add only the profiles you need into the "profiles" folder (Included in the Volatility Workbench download). An overload of profiles could slow down the analysis process.
Sample Memory Dumps
Download the Zip file above. Unzip it, then double click on the Volatility Workbench executable file (VolatilityWorkbench.exe). For convience a copy of the Volatility command line tool is also included.
For instuctions on how to analyse Mac/Linux dumps that are not present in the Volatilty Workbench GUI dropdown menu, view the "profile-list.txt" file in the profiles folder.
If you need a tool to collect a memory dump from a live machine, consider using OSForensics, as it writes a configuration file (CFG) along with the dump file, speeding up the analysis process in Volatility.
Source code is included with the zip download above.
Windows 10, or Windows 7
The command line version of Volatility is slow and single threaded, while memory dumps are large. Hence, a fast CPU and SSD can help.
Volatility Workbench reads and writes a configuration file (.CFG) which contains meta data about the memory dump file.
Specifications for the Volatility dump configuration file can be found here.
Volatility Workbench is released under the same license as Volatility itself.
The Volatility 3 beta release is meant to give an early view of the future direction of Volatility along with the ability to experience the new framework. The first full release in scheduled for August 2020. For more information regarding the known issues in the current beta version, please see this page.
Copyright © 2020 PassMark™ Software