iGuRu.gr New Technology in Real Time. Views & Tweaks

New Technology in Real Time. Views & Tweaks

home / tools / VolExp: Exploration of variables

VolExp: Exploration of variables

in tools

This program allows the user to access a Memory Dump. It can also act as an add-on to the Volatility Framework (https://github.com/volatilityfoundation/volatility).
The program works similarly to Process Explorer / Hacker, but also allows the user to access a Memory Dump (or access real-time memory on the computer using Memtriage).
It can run on Windows, Linux and MacOS machines, but can only use Windows memory images.
Win10Example - VolExp: Exploration of variables

Installation

git clone https://github.com/memoryforensics1/VolExp
cd VolExp
python2 volexp
python2 vol.py -f <memory file path> --profile=<memory profile> volexp
python2 memtriage.py --plugins=volexp

Application snapshots

StructAnalyzer - VolExp: Exploration of variables

Win10Handles - VolExp: Exploration of variables

You will find information about the program here.
You can download the program from here.
Spread the news

Reader Interactions

Comment Policy:

IGuRu.gr does not post comments directly. Malicious comments, comments that include ads, or comments with insults are deleted without any notice. We do not adopt the views expressed by our readers.
Your comments will be displayed after approval by the administrators

Leave your comment

Your email address is not published. Τα υποχρεωτικά πεδία σημειώνονται με *