Volatility Workbench

Volatility Workbench screen shot

Volatility Workbench is a free, open source utility designed for use with PassMark OSForensics


Volatility Workbench is a graphical user interface (GUI) for the Volatility tool. Volatility is a command line memory analysis and forensics tool for extracting artifacts from memory dumps. Volatility Workbench is free, open source and runs in Windows. It provides a number of advantages over the command line version including,

  • No need to remember command line parameters
  • Storage of the operating system profile, KDBG address and process list with the memory dump, in a .CFG file. When a memory image is re-loaded, this saves a lot of time and avoids the frustration of not knowing the correct profile to select.
  • Simpler copy & paste
  • Simpler printing of paper copies (via right click)
  • Simpler saving of the dumped information to a file on disk
  • A drop down list of available commands and a short description of what the command does
  • Time stamping of the commands executed
  • Auto-loading the first dump file found in the current folder


The current version of Volatility Workbench is v1.0

Volatility Workbench (Zip file)
Click below to download Volatility Workbench (16MB)

Download Volatility Workbench

Installation Instructions

Download the Zip file above. Unzip it, then double click on the Volatility Workbench executable file (VolatilityWorkbench.exe). For convience a copy of the Volatility command line tool is also included.

If you need a tool to collect a memory dump from a live machine, consider using OSForensics V5, as it writes a configuration file (CFG) along with the dump file, speeding up the analysis process in Volatility.

Source code is included with the download above


Windows 10, or Windows 7

The command line version of Volatility is slow and single threaded, while memory dumps are big. So a fast CPU and SSD can help.


Volatility Workbench is released under the same license as Volatility itself, which is GPL version 2.

Config file specification

Volatility Workbench reads and writes a configuration file (.CFG) which contains meta data about the memory dump file.

Specifications for the Volatility dump configuration file can be found here.

What's new

v1.0, 5 June 2017

  • Initial release
Conference banner