
JamesHabben/evolve

Fork: 42 Star: 259 (updated 2024-11-02 18:24:48)

License: none

Language: JavaScript

Web interface for the Volatility Memory Forensics Framework

Latest release: v1.6 (2017-11-16 13:04:34)

Web interface for the Volatility Memory Forensics Framework https://github.com/volatilityfoundation/volatility

Current Version: 1.6 (2017-11-16)

See what people are saying: #EvolveTool
Short video demo: https://youtu.be/55G2oGPQHF8
Pre-Scan video: https://youtu.be/mqMuQQowqMI

Installation

This requires Volatility to be installed as a Python library, not just an EXE file sitting somewhere. Run the following from a command shell:

Download the Volatility source zip from https://github.com/volatilityfoundation/volatility
Inside the extracted folder run:
python setup.py install

Then install these dependencies:
pip install bottle
pip install yara
pip install distorm3
pip install maxminddb

Usage

-f File containing the RAM dump to analyze
-p Volatility profile to use during analysis (--profile may not work even though it shows as an option)
-d Optional path for the output file. Default is beside the memory image
-l Restrict the web server from serving content outside of the local machine
-r Comma-separated list of plugins to run at the start

!!! WARNING: Avoid writing SQLite files to NFS shares. They can lock or become corrupt. If you must, try mounting the share with the 'nolock' option.

Features

  • Works with any Volatility module that provides a SQLite render method (some don't)
  • Automatically detects plugins - if Volatility sees the plugin, so will eVOLve
  • All results stored in a single SQLite db beside the RAM dump
  • Web interface is fully AJAX using jQuery & JSON to pass requests and responses
  • Uses Bottle module in Python to provide a standalone web server
  • Option to edit SQL query to provide enhanced data views with data from multiple tables
  • Run plugins and view data from any browser - even a tablet!
  • Allow multiple people to review results of single RAM dump
  • Multiprocessing for full CPU usage
  • Pre-Scan runs a list of plugins at the start
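
As an added example of the multi-table query feature above (this is not eVOLve's own code, and the `pslist`/`psscan` table layout and column names are assumed, not taken from the project), the script builds a small SQLite database with constructed rows and asks which processes the pool scanner found that the active process list does not show, a standard lead when reviewing a memory image:

```python
import sqlite3

# Constructed sample rows standing in for eVOLve's per-plugin tables.
# Real table and column names in an eVOLve database are an assumption here.
PSLIST_ROWS = [
    (4, 0, "System"),
    (368, 4, "smss.exe"),
    (512, 368, "csrss.exe"),
    (1204, 512, "explorer.exe"),
]
PSSCAN_ROWS = PSLIST_ROWS + [
    (1988, 1204, "svchost.exe"),   # seen by the pool scan only
    (2044, 1204, "cmd.exe"),       # e.g. terminated, object still in pool memory
]

# Processes present in psscan but absent from pslist. A hit is a lead to
# review (terminated process, or an unlinked EPROCESS), not proof of anything.
HIDDEN_QUERY = """
SELECT s.pid, s.ppid, s.name
FROM psscan AS s
LEFT JOIN pslist AS l ON l.pid = s.pid AND l.name = s.name
WHERE l.pid IS NULL
ORDER BY s.pid
"""


def build_sample_db(path=":memory:"):
    """Create the two assumed plugin tables and load the constructed rows."""
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE pslist (pid INTEGER, ppid INTEGER, name TEXT)")
    conn.execute("CREATE TABLE psscan (pid INTEGER, ppid INTEGER, name TEXT)")
    conn.executemany("INSERT INTO pslist VALUES (?, ?, ?)", PSLIST_ROWS)
    conn.executemany("INSERT INTO psscan VALUES (?, ?, ?)", PSSCAN_ROWS)
    conn.commit()
    return conn


def processes_missing_from_pslist(conn):
    """Return (pid, ppid, name) rows found by psscan but not by pslist."""
    return conn.execute(HIDDEN_QUERY).fetchall()


if __name__ == "__main__":
    db = build_sample_db()
    for pid, ppid, name in processes_missing_from_pslist(db):
        print(f"{pid:>6} {ppid:>6} {name}")
```

Against a real eVOLve database, point `build_sample_db` at the file beside the RAM dump (without the CREATE/INSERT statements) and adjust the table and column names to match what the installed plugins actually write.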

Coming Features

  • Save custom queries for future use
  • Import/Export queries to share with others
  • Threading for more responsive interface while modules are running
  • Export/save of table data to JSON, CSV, etc
  • Review mode which requires only the generated SQLite file for better portability

Please send your ideas for features!



Release notes:
v1.0 - Initial release
v1.1 - Threading, Output folder option, removed unused imports
v1.2 - Pre-Scan option to run list of plugins at the start
v1.3 - Added Morph function and sample Morphs. Also fixed multiprocess bug in Windows.
v1.4 - Added Morph config builder and more sample Morphs. Added searchable and sortable table.
v1.5 - Added dynamic memory profile chooser.
v1.6 - Added plugin search and other optimizations.
