Please select a template

EnCase App Central

Extend the power of EnCase. Access, download and install software apps built by expert EnScript developers that help you get down to business – faster.

Become a Developer

Volatility Reporting Plugin

Volatility 2.4 Standalone executable integration with EnCase for centralized reporting of memory forensic results through the use of bookmarks.

Download the Volatility 2.4 Standalone executable from The Volatility Foundation. The plugin needs to be configured with the location of the Volatility program by right clicking on the memory image that displays a tool menu called Volatility 2.4 Standalone. Choose the Executable Location option that will allow you to browse and select the program. The identified location will be stored in a configuration file that the plugin will reference.

EnCase will export the acquired PhysicalMemory to a DD format using the unique GUID as identification so that it can be stored in the case specific temporary folder. Volatility will run the requested commands against the memory and return the completed analysis to the Console View plus create a Note Bookmark for centralized reporting. The examiner can execute their own Volatility analysis by using the Command Ninja option that provides a completed command line -f argument for the memory location to get them started. Also you can set the --profile command line argument by right clicking on the memory image and choosing the Profile Selection option.

Download Now



Version: 3
Tested with:
EnCase Forensic 7.10
Developer: John Lukach
Category: Incident Response

6021 DOWNLOADS

YOU MAY ALSO LIKE

Incident Response

MemoryAnalysis

Process Windows, Linux, and OS X memory images and find running processes, parents, create dates, and more.
By Casimer Szyper
8545 Downloads
App
Incident Response

Hacker Offender

This App is designed to discover files that are hidden by rootkits. It will place all detected files into a LEF for further analysis. This may include the malware and additional files deemed important by the attacker.
By James Habben
6317 Downloads
App
Incident Response

Team Cymru Malware Hash Registry Search

Review evidence files to assist in learning if any might correspond to malware.
By Jeffrey Savoy
6029 Downloads
App
Incident Response

VirusShare.com Hash Library

VirusShare.com is a repository of malware samples to provide security researchers, incident responders, forensic analysts samples of malicious code.
By John Lukach
5318 Downloads
App