{"id":13511145,"url":"https://github.com/k1nd0ne/VolWeb","last_synced_at":"2025-03-30T20:32:36.332Z","repository":{"id":38201501,"uuid":"430141054","full_name":"k1nd0ne/VolWeb","owner":"k1nd0ne","description":"A centralized and enhanced memory analysis platform","archived":false,"fork":false,"pushed_at":"2025-01-25T15:52:03.000Z","size":26968,"stargazers_count":412,"open_issues_count":4,"forks_count":45,"subscribers_count":7,"default_branch":"main","last_synced_at":"2025-01-25T16:20:01.933Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/k1nd0ne.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-11-20T15:37:02.000Z","updated_at":"2025-01-25T15:52:06.000Z","dependencies_parsed_at":"2023-02-08T09:30:27.288Z","dependency_job_id":"8e0561b3-1132-4c01-bf3f-68e0aa0211d4","html_url":"https://github.com/k1nd0ne/VolWeb","commit_stats":null,"previous_names":[],"tags_count":23,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/k1nd0ne%2FVolWeb","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/k1nd0ne%2FVolWeb/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/k1nd0ne%2FVolWeb/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/k1nd0ne%2FVolWeb/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/k1nd0ne","download_url":"https://codeload.github.com/k1nd0ne/VolWeb/tar.gz/refs/heads/
main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246379366,"owners_count":20767694,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T03:00:35.546Z","updated_at":"2025-03-30T20:32:36.326Z","avatar_url":"https://github.com/k1nd0ne.png","language":"TypeScript","funding_links":[],"categories":["Analysis Tools","Volatility 3"],"sub_categories":["GUI"],"readme":"\u003ch1 align=\"center\"\u003e\n  \u003cimg src=\"https://github.com/k1nd0ne/VolWeb/assets/27780432/2c4cec14-b73c-4264-9936-215ca23a55d8\" width=\"400\" height=\"200\" alt=\"VolWeb\"\u003e\n\u003c/h1\u003e\n\n\n# Introduction\n\nVolWeb is a digital forensic memory analysis platform that leverages the power of the Volatility 3 framework.\nIt is dedicated to aiding in investigations and incident responses.\n\n## 🧬 Objectives\n\nThe goal of VolWeb is to enhance the efficiency of memory collection and forensic analysis by providing a centralized, visual, and enhanced web application for incident responders and digital forensics investigators.\nOnce an investigator obtains a memory image from a Linux or Windows system (Mac coming soon), the evidence can be uploaded to VolWeb, which triggers automatic processing and extraction of artifacts using the power of the Volatility 3 framework.\n\nBy utilizing hybrid storage technologies, VolWeb also enables incident responders to directly upload memory images into the VolWeb platform from various locations using dedicated scripts interfaced with the platform and maintained by the community.\nAnother goal is to allow 
users to compile technical information, such as Indicators, which can later be imported into modern CTI platforms like OpenCTI, thereby connecting your incident response and CTI teams after your investigation.\n\n# 📘 Project Documentation and Getting Started Guide\n\nThe project documentation is available on the \u003ca href=\"https://github.com/k1nd0ne/VolWeb/wiki/VolWeb-Documentation\"\u003eWiki\u003c/a\u003e.\nThere, you will be able to deploy the tool in your investigation environment or lab.\n\n\u003e[!IMPORTANT]\n\u003e Take time to read the documentation in order to avoid common misconfiguration issues.\n\n# Analysis features\nA quick disclaimer: VolWeb is meant to be used in conjunction with the volatility3 framework CLI.\nIt offers a different way to review \u0026 investigate some of the results and will not do all of the deep-dive analysis for you.\n\n## 💿 Hybrid storage solution\n\nYour evidence is uploaded to the VolWeb platform, which uses filesystem-based analysis by default for the best performance. You can also bind evidence from a cloud storage solution (AWS/MINIO) to your cases in order to perform the analysis directly in the cloud.\n\n## 🔬 Investigate\n\nThe investigate feature is one of the core features of VolWeb.\nIt provides an overview of the available artefacts that were retrieved by the custom volatility3 engine in the backend.\nIf available, you can visualize the process tree, get basic information about each process, dump them, etc.\nYou also get an enhanced view of all of the plugin results by category.\n\n\u003cimg width=\"1728\" alt=\"image\" src=\"https://github.com/user-attachments/assets/ecdc3ba5-e3e1-48b9-9e82-3d8bba1649ae\"\u003e\n\n\n## ፨ Explore\n« _Defenders think in lists. Attackers think in graphs. 
As long as this is true, attackers win._ »\n\nThe explore feature comes with VolWeb 3.0 for Windows investigations (coming soon for Linux).\nIt enables the memory forensics expert to investigate potentially suspicious processes in a graph view, offering another way to look at the data, and to correlate the volatility3 plugins to get more context.\n\n\u003cimg width=\"1728\" alt=\"image\" src=\"https://github.com/user-attachments/assets/e77e5c07-4ff7-4bdb-9eb4-d8880e0a0107\"\u003e\n\n## 🚨 Capitalize and share STIX V2 Indicators\n\nWhen the expert finds malicious activity, VolWeb lets you create STIX V2 Indicators directly from the interface and centralize them in your case.\nOnce your case is closed, you can generate your STIX bundle and share your Indicators with your community using CTI Platforms like MISP or OpenCTI.\n\n\u003cimg width=\"1728\" alt=\"image\" src=\"https://github.com/user-attachments/assets/5e4015ff-5eeb-495b-bfe0-7fd3bcdfe43c\"\u003e\n\n\n## 🪡 Interacting with the REST API\n\nVolWeb exposes a REST API to allow analysts to interact with the platform. A swagger is available on the platform in order to get the full documentation.\nThere is a dedicated repository offering some scripts maintained by the community: https://github.com/forensicxlab/VolWeb-Scripts .\n\n\u003cimg width=\"1728\" alt=\"image\" src=\"https://github.com/user-attachments/assets/84578c55-bba3-4695-b25e-bdb4e25c60bb\"\u003e\n\n## Administration\n\nVolWeb uses Django in the backend. Manage your users and database directly from the admin panel.\n\n\u003cimg width=\"1718\" alt=\"image\" src=\"https://github.com/user-attachments/assets/ded4d50e-23ee-4154-bc22-0ddb76678495\"\u003e\n\n# 👔 Issues \u0026 Feature request\n\nIf you have encountered a bug, or wish to propose a feature, please feel free to create a [discussion](https://github.com/k1nd0ne/VolWeb/discussions) to enable us to quickly address them. 
Please provide logs for any issues you are facing.\n\n\n# 🤘 Contributing\n\nVolWeb is open to contributions. Follow the contributing guideline in the documentation to propose features.\n\n# Contact\n\nContact me at k1nd0ne@mail.com for any questions regarding this tool.\n\n# Next Release Goals\n\nCheck out the [roadmap](https://github.com/users/k1nd0ne/projects/2)\n\nCheck out the [discussions](https://github.com/k1nd0ne/VolWeb/discussions)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fk1nd0ne%2FVolWeb","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fk1nd0ne%2FVolWeb","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fk1nd0ne%2FVolWeb/lists"}