This program allows the user to access a Memory Dump. It can also act as a propcase in the Volatility Framework (https://github.com/volatilityfoundation/volatility).
The program works similarly to Our Process Explore / Hacker, but additionally allows the user to access a Memory Dump (or access the μνήμη in real time on the computer, using Memtriage).
It can run on Windows, Linux and MacOS machines, but can only use Windows memory images.
Installation
git clone https://github.com/memoryforensics1/VolExp cd VolExp python2 volexp python2 vol.py -f --profile = volexp python2 memtriage.py --plugins = volexp
Snapshots applicationς
You will find information about the program here.
You can download the program from here.