memoryforensics1 edited this page Apr 5, 2020 · 2 revisions

Welcome to the VolExp wiki!

This program gives you access to a memory dump. It can also function as a plugin to the Volatility Framework (https://github.com/volatilityfoundation/volatility). It works much like Process Explorer/Hacker, but it operates on a memory dump (or on the computer's real-time memory, using Memtriage). It runs on Windows, Linux and macOS machines, but it can only work with Windows memory images.

Quick Start

  1. Download the volexp.py file. If you want to use Memtriage (https://github.com/gleeda/memtriage), download the memtriage.py file as well and use it in place of your own memtriage.py file.

  2. Run as a standalone program or as a plugin to Volatility:

  • As a standalone program:
 python2 volexp.py
  • As a Volatility plugin:
 python2 vol.py -f <memory file path> --profile=<memory profile> volexp

Go to https://github.com/memoryforensics1/VolExp/wiki/VolExp-Help to get help
