https://github.com/dsuarezv/volatilitystudio

A GUI for the volatility framework using Electron
https://github.com/dsuarezv/volatilitystudio

Last synced: about 1 month ago
JSON representation

A GUI for the volatility framework using Electron

• Host: GitHub
• URL: https://github.com/dsuarezv/volatilitystudio
• Owner: dsuarezv
• License: mit
• Created: 2020-06-07T14:43:37.000Z (about 6 years ago)
• Default Branch: master
• Last Pushed: 2022-11-10T17:24:39.000Z (over 3 years ago)
• Last Synced: 2025-02-25T02:23:46.474Z (over 1 year ago)
• Language: TypeScript
• Size: 3.95 MB
• Stars: 0
• Watchers: 2
• Forks: 0
• Open Issues: 3
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# Volatility Studio

A GUI for the [Volatility framework v3](https://github.com/volatilityfoundation/volatility3) written in Javascript with Electron. It runs on Windows, Linux and OSX.

For now a starting point to experiment with Windows memory images.

## Trying it

I have only tested this in Windows with Anaconda for now.

### Setting up volatility3 with Anaconda

Open an Anaconda command prompt and type the following commands

    conda create --name=volatility3 python=3.8  pefile

    conda activate volatility3

    cd path_to_contain_volatility

    git clone https://github.com/volatilityfoundation/volatility3

Try your installation with

    cd volatility3       (this is your VOLATILITYPATH value)

    python vol.py -h

You should get a list of supported options and commands from volatility. Now, to do something useful, you'll need to install the symbols. Please refer to [the volatility project page on GitHub](https://github.com/volatilityfoundation/volatility3) for details of the installation. To get the windows symbols, [download and unpack this](https://downloads.volatilityfoundation.org/volatility3/symbols/windows.zip) in the volatility\symbols directory.

Test your image with:

    python vol.py -f memoryimage.bin windows.info

You should get some details of the image printed.

### Volatility Studio

You need to create .env file in the root of the VolatilityStudio project with this content:

    PYTHONPATH=C:\Users\user\.conda\envs\volatility3

    VOLATILITYPATH=C:\Users\user\path\to\volatility3\cloned\repo

    MEMORYIMAGE=C:\Users\user\Downloads\MemoryImageToAnalyze.bin

To get the PYTHONPATH value, run "conda env list" and copy the location of your volatility3 environment.

Install node packages:

    npm install

After that, start VolatilityStudio with:

    npm run dev