If you would like to practice memory forensics using Volatility but you don't like command-line tools and you hate remembering plugin names, then VolUtility is your friend.
VolUtility [1][2] is a web frontend for the Volatility framework.
In this diary, I will install VolUtility on a Linux SIFT [3] workstation.
In this diary I am not going to discuss how to install MongoDB; for further details about
$ git clone https://github.com/volatilityfoundation/volatility
$ cd volatility
$ sudo python setup.py install
$ git clone https://github.com/kevthehermit/VolUtility
In this diary I am going to use the default config file, volutility.conf.sample, and then start the development server:
$ ./manage.py runserver 0.0.0.0:8000
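The steps above, wrapped in a small preflight script that is an added example and not part of the diary or of the VolUtility project. It assumes VolUtility was cloned to $HOME/VolUtility, that the sample config was copied to volutility.conf, that Volatility is importable by the same python, and that MongoDB runs as a process named mongod; it also binds the dev server to loopback by default instead of 0.0.0.0, so the web UI is not reachable from other hosts.

```shell
#!/bin/sh
# Preflight checks for the VolUtility setup described in the diary (added example).
set -u

VOLUTILITY_DIR="${VOLUTILITY_DIR:-$HOME/VolUtility}"   # assumption: clone location
BIND="${BIND:-127.0.0.1:8000}"                        # loopback, not 0.0.0.0

# Return 0 when the host part of host:port is a loopback address, 1 otherwise.
is_loopback() {
    case "$1" in
        127.*|localhost:*|'[::1]'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Each check returns 0/1 so preflight can report every missing prerequisite at once.
have_volatility() { python -c 'import volatility' >/dev/null 2>&1; }
have_mongod()     { pgrep -x mongod >/dev/null 2>&1; }        # assumption: process name
have_volutility() { [ -x "$VOLUTILITY_DIR/manage.py" ]; }
have_config()     { [ -f "$VOLUTILITY_DIR/volutility.conf" ]; } # assumption: config name

preflight() {
    rc=0
    have_volatility || { echo "volatility is not importable by python" >&2; rc=1; }
    have_mongod     || { echo "mongod is not running" >&2; rc=1; }
    have_volutility || { echo "no manage.py in $VOLUTILITY_DIR" >&2; rc=1; }
    have_config     || { echo "no volutility.conf (copy volutility.conf.sample)" >&2; rc=1; }
    is_loopback "$BIND" || echo "warning: $BIND exposes the web UI to other hosts" >&2
    return $rc
}

main() {
    preflight || exit 1
    cd "$VOLUTILITY_DIR" && exec ./manage.py runserver "$BIND"
}

case "${1:-}" in
    check) preflight ;;   # only run the checks
    start) main ;;        # run the checks, then start the server
    *) : ;;               # no argument: just define the functions
esac
```

Run it as `sh volutility-preflight.sh start` (or `check` to report prerequisites without starting anything); set BIND=0.0.0.0:8000 only if the UI really must be reachable from other hosts.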
Enter a name for the session and the location of the memory image. For the profile you can either specify it or choose autodetect, then click on the Submit button.
You have to wait a few minutes until it finishes processing the image; once it has finished, the status will change to Complete.
To examine the image, click on the session name, which in this diary is SANS ISC.
Now let
And you can of course filter your results using tools such as MS Excel.
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.