Evolve – Web interface for the Volatility Memory Forensics Framework

We are pleased to announce the release of Evolve, a web interface for the Volatility memory forensics framework.  This Python-based project was developed by HTCIA member James Habben and is available for free via GitHub. Evolve can be downloaded from – https://github.com/JamesHabben/evolve

What does Evolve do?

  • Works with any Volatility module that provides a SQLite render method (some don’t)
  • Automatically detects plugins – If volatility sees the plugin, so will eVOLve
  • All results stored in a single SQLite db stored beside the RAM dump
  • Web interface is fully AJAX using jQuery & JSON to pass requests and responses
  • Uses Bottle module in Python to provide a standalone web server
  • Option to edit SQL query to provide enhanced data views with data from multiple tables
  • Run plugins and view data from any browser – even a tablet!
  • Allow multiple people to review results of single RAM dump

evolve-wsock32

evolve-connections

Leave a reply