This Python script provides an automated solution for performing memory forensics analysis using Volatility 3. It supports different scan types and offers flexible configuration for analyzing memory dump files.
Requirements:

- Python 3.7+
- Volatility 3 installed
- Memory dump file

Installation:

- Clone the repository:

```bash
git clone https://github.com/H3xKatana/autoVolatility3/
cd autoVolatility3
```

- Ensure Volatility 3 is installed:

```bash
git clone https://github.com/volatilityfoundation/volatility3.git
cd volatility3/
python3 -m venv venv && . venv/bin/activate
pip install -e ".[dev]"
```

Basic usage:

```bash
python3 autovol3.py -f /path/to/memory/dump.dmp
```

Scan types:

- Minimal: Basic system information
- Normal (Default): Comprehensive system analysis
- Full: Extensive forensic investigation

```bash
# Minimal scan
python3 autovol3.py -f memory.dmp -s minimal

# Full scan
python3 autovol3.py -f memory.dmp -s full

# Custom output directory
python3 autovol3.py -f memory.dmp -o /custom/output/path

# Custom Volatility path
python3 autovol3.py -f memory.dmp --volatility-path /custom/vol.py
```

Minimal scan plugins:

- System Information
- Process List
- Process Tree
- Command Lines

Normal scan plugins:

- All Minimal Scan Plugins
- Process Extensions
- Module Listing
- Network Connections
- Malware Detection
- DLL Listing

Full scan plugins:

- All Normal Scan Plugins
- File Scanning
- Socket Connections
- Security Identifiers
- Registry Analysis
- Scheduled Tasks

Output:

- Analysis results are saved in timestamped directories
- Separate files for each Volatility plugin
- Error logs for plugins with issues
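
The sketch below shows one way to implement the tiered scans and the output layout described above. It is an added example, not the code of `autovol3.py`. The names `scan`, `run_vol` and `TIERS`, the mapping of tiers to Windows plugins, and the use of the `vol` entry point are all assumptions.

```python
import subprocess
import sys
from datetime import datetime
from pathlib import Path

# Assumed tier-to-plugin mapping (Windows plugins); not taken from autovol3.py.
MINIMAL = ["windows.info", "windows.pslist", "windows.pstree", "windows.cmdline"]
NORMAL = MINIMAL + ["windows.modules", "windows.netscan",
                    "windows.malfind", "windows.dlllist"]
FULL = NORMAL + ["windows.filescan", "windows.netstat",
                 "windows.getsids", "windows.registry.hivelist"]
TIERS = {"minimal": MINIMAL, "normal": NORMAL, "full": FULL}


def run_vol(vol_cmd, dump, plugin, timeout=1800):
    """Run one Volatility 3 plugin and return (returncode, stdout, stderr)."""
    # Argument list with no shell: a dump path containing spaces or shell
    # metacharacters is passed through as a single literal argument.
    proc = subprocess.run([*vol_cmd, "-q", "-f", str(dump), plugin],
                          capture_output=True, text=True, timeout=timeout)
    return proc.returncode, proc.stdout, proc.stderr


def scan(dump, tier="normal", out_root="output", vol_cmd=("vol",), runner=run_vol):
    """Run every plugin of a tier; one output file per plugin, error log on failure."""
    out_dir = Path(out_root) / datetime.now().strftime("%Y%m%d_%H%M%S")
    out_dir.mkdir(parents=True, exist_ok=False)  # never overwrite an earlier run
    failed = []
    for plugin in TIERS[tier]:
        try:
            rc, out, err = runner(list(vol_cmd), dump, plugin)
        except (subprocess.TimeoutExpired, OSError) as exc:
            # A hung or missing Volatility must not abort the remaining plugins.
            rc, out, err = -1, "", f"{type(exc).__name__}: {exc}"
        (out_dir / f"{plugin}.txt").write_text(out)
        if rc != 0:
            (out_dir / f"{plugin}.error.log").write_text(err)
            failed.append(plugin)
    return out_dir, failed


if __name__ == "__main__":
    tier = sys.argv[2] if len(sys.argv) > 2 else "normal"
    out_dir, failed = scan(sys.argv[1], tier)
    print(f"results in {out_dir}; failed plugins: {failed or 'none'}")
```

A failing plugin is recorded and skipped rather than ending the run, so one unsupported plugin does not cost the analyst the rest of the results.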

Planned improvements:

- Adding support for other operating systems
- Making the script run in parallel