Portable PassMark Volatility Workbench 3.0.1002
Volatility Workbench Portable Software is a graphical user interface (GUI) for the Volatility tool. Volatility is a command line memory analysis and forensics tool for extracting artifacts from memory dumps. Volatility Workbench is free, open source and runs in Windows. It provides a number of advantages over the command line version, including:
No need to remember command line parameters.
Storage of the platform and process list with the memory dump, in a .CFG file. When a memory image is re-loaded, this saves a lot of time and eliminates the need to get the process list each time.
Simpler copy & paste.
Simpler printing of paper copies (via right click).
Simpler saving of the dumped information to a file on disk.
A drop down list of available commands and a short description of what the command does.
Time stamping of the commands executed.
Auto-loading the first dump file found in the current folder.
Added a scripting feature that allows a series of commands to be executed in a sequence.
Script files are text files that you can create with a text editor (e.g. Notepad). The script file name must end with the extension ‘.vws’.
The Volatility Workbench Portable Software searches for .vws files in the working directory and lists them in the command drop down list under User Scripts.
Each script command must appear on its own line in the .vws file and the entire command must appear on a single line. (i.e. a single command cannot be split across multiple lines).
The Volatility Workbench Portable Software replaces %IMG and %PID in the script file with the image file name and process ID selected in the user interface.
Here is an example of a User Script:
-f %IMG windows.verinfo.VerInfo
-f %IMG windows.dlllist.DllList --pid %PID
Support for analysing Mac and Linux memory dumps.
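A way to preview what a User Script will run before loading it in the GUI, as an added example (not PassMark's code): it applies the .vws rules described above and rejects typographic dashes that editors or web pages substitute for "--". The function name, sample image path and PID are constructed, and plain textual substitution of %IMG and %PID is an assumption.

```python
# Typographic dashes that word processors and web pages substitute for "-".
BAD_DASHES = "\u2012\u2013\u2014\u2015\u2212"

# Constructed sample script, using the two commands shown on this page.
SAMPLE_SCRIPT = (
    "-f %IMG windows.verinfo.VerInfo\n"
    "-f %IMG windows.dlllist.DllList --pid %PID\n"
)


def expand_vws(script_text, image, pid=None):
    """Expand a .vws User Script into one Volatility argument list per line.

    Assumption: %IMG and %PID are replaced textually. Each line is split on
    whitespace before substitution, so an image path that contains spaces
    stays a single argument.
    """
    commands = []
    for lineno, raw in enumerate(script_text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue  # blank lines carry no command
        if any(ch in BAD_DASHES for ch in line):
            raise ValueError(f"line {lineno}: typographic dash, use ASCII '-'")
        if "%PID" in line and pid is None:
            raise ValueError(f"line {lineno}: %PID used but no process ID given")
        args = []
        for token in line.split():
            token = token.replace("%IMG", image)
            if pid is not None:
                # int() rejects anything that is not a plain process ID
                token = token.replace("%PID", str(int(pid)))
            args.append(token)
        commands.append(args)
    return commands


if __name__ == "__main__":
    # Constructed image path and PID, for illustration only.
    for argv in expand_vws(SAMPLE_SCRIPT, r"C:\cases\mem dump.raw", 1234):
        print(argv)
```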