Saturday, June 21, 2014

Volatility Interface & Extensions

This project aims to develop software that extends the use and simplifies the handling of the Volatility Framework.
Objectives of VOLIX:
  • Simplify the handling of Volatility
    • Provide a more intuitive GUI
    • Reduce complex command sequences to a single click
    • Improve usability
  • Increase analysis speed (no tedious typing of commands)
  • Make comparison and correlation of results easier
  • Offer assistance / examples
  • Provide new functions
    • Automated search for malware and analysis of the findings by VirusTotal
    • Detection of hidden processes and network connections
    • Integration of existing and new plugins
    • Graphical analysis of images in the form of diagrams and/or statistics
    • Report generation
  • *NEW* Complete support of the Volatility Framework 2.3.1
    • With all Linux and MacOS plugins
  • *NEW* Improved help file with a complete investigation example
  • *NEW* A questionnaire can be filled in; VOLIX II analyses the answers and inserts the appropriate plugins based on them
  • *NEW* The investigation is now mostly automated
  • *NEW* A new plugin is started as soon as another one ends
    • Up to three plugins run simultaneously
    • Results are parsed to set parameters for the plugins that are started next
  • *NEW* A complete final report can now be created at any time
  • *NEW* John the Ripper was integrated into VOLIX II to crack SAM hashes
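As an added example (not VOLIX's own code, which is not on this page), the script below shows in plain Python what two of the listed features amount to against Volatility 2.x's command line: plugins are run with at most three in flight, their output is parsed, processes present in the pool-memory scan (psscan) but absent from the linked process list (pslist) are flagged as hidden-process candidates, and those PIDs become the parameters of the follow-up plugin (dlllist -p). The image name memory.raw, the profile Win7SP1x86 and all plugin output are constructed for the example; the vol.py -f, --profile and dlllist -p options are Volatility 2.x's own.

```python
"""Added example (not VOLIX code): chain Volatility 2.x plugins the way the
feature list describes: run up to three plugins at once, parse their output,
flag processes that appear in the pool scan (psscan) but not in the linked
process list (pslist), and use those PIDs as parameters for the next plugin.
All sample tool output below is constructed for the example."""
import re
import subprocess
from concurrent.futures import ThreadPoolExecutor
from typing import Callable, Dict, List

MAX_CONCURRENT = 3  # "up to three plugins will run simultaneously"

# Constructed sample output in the Volatility 2.x pslist / psscan column layout.
SAMPLE_PSLIST = """\
Offset(V)  Name                    PID   PPID   Thds     Hnds   Sess  Wow64 Start
---------- -------------------- ------ ------ ------ -------- ------ ------ ------------------------------
0x84f23020 System                    4      0     86      478 ------      0 2014-06-21 10:00:01 UTC+0000
0x85a1c030 explorer.exe           1204   1180     31      812      1      0 2014-06-21 10:01:15 UTC+0000
"""
SAMPLE_PSSCAN = """\
Offset(P)  Name                PID   PPID PDB        Time created                   Time exited
---------- ---------------- ------ ------ ---------- ------------------------------ ------------------------------
0x04f23020 System                4      0 0x00185000 2014-06-21 10:00:01 UTC+0000
0x05a1c030 explorer.exe       1204   1180 0x1e3c0280 2014-06-21 10:01:15 UTC+0000
0x05c44d40 svch0st.exe        2312   1204 0x1e3c0340 2014-06-21 10:03:42 UTC+0000
"""

# A runner takes a command line and returns the plugin's text output.
Runner = Callable[[List[str]], str]

# Matches one data row: offset, process name, PID, PPID (header/separator rows do not match).
ROW = re.compile(r"^0x[0-9a-fA-F]+\s+(.+?)\s+(\d+)\s+(\d+)\s")


def volatility_command(image: str, profile: str, plugin: str, *args: str) -> List[str]:
    """Build a Volatility 2.x command line: vol.py -f IMAGE --profile=PROFILE PLUGIN [ARGS]."""
    return ["vol.py", "-f", image, f"--profile={profile}", plugin, *args]


def parse_process_table(output: str) -> Dict[int, str]:
    """Map PID -> process name from pslist or psscan text output."""
    processes: Dict[int, str] = {}
    for line in output.splitlines():
        match = ROW.match(line)
        if match:
            processes[int(match.group(2))] = match.group(1)
    return processes


def find_hidden_processes(pslist: Dict[int, str], psscan: Dict[int, str]) -> Dict[int, str]:
    """Cross-view check: a PID found by scanning pool memory but missing from the
    active process list is a candidate for an unlinked (hidden) process."""
    return {pid: name for pid, name in psscan.items() if pid not in pslist}


def run_plugins(commands: List[List[str]], runner: Runner) -> List[str]:
    """Run the given plugin commands with at most MAX_CONCURRENT in flight;
    a new plugin starts as soon as a worker slot frees up."""
    with ThreadPoolExecutor(max_workers=MAX_CONCURRENT) as pool:
        return list(pool.map(runner, commands))


def subprocess_runner(cmd: List[str]) -> str:
    """Real runner: invoke vol.py (assumed to be on PATH) and capture stdout."""
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout


def sample_runner(cmd: List[str]) -> str:
    """Offline stand-in for the real tool that serves the constructed sample output."""
    plugin = cmd[4]
    return {"pslist": SAMPLE_PSLIST, "psscan": SAMPLE_PSSCAN}.get(
        plugin, f"(no sample output for {' '.join(cmd[4:])})\n")


def investigate(image: str, profile: str, runner: Runner) -> dict:
    """Two-stage pipeline: stage 1 collects both process views, stage 2 is
    parameterised by stage 1's findings (one dlllist -p <pid> per suspicious PID)."""
    stage1 = [volatility_command(image, profile, "pslist"),
              volatility_command(image, profile, "psscan")]
    pslist_out, psscan_out = run_plugins(stage1, runner)
    hidden = find_hidden_processes(parse_process_table(pslist_out),
                                   parse_process_table(psscan_out))
    stage2 = [volatility_command(image, profile, "dlllist", "-p", str(pid))
              for pid in sorted(hidden)]
    return {"hidden": hidden,
            "followup_commands": stage2,
            "followup_output": run_plugins(stage2, runner)}


if __name__ == "__main__":
    # Offline demonstration; swap sample_runner for subprocess_runner on a real image.
    result = investigate("memory.raw", "Win7SP1x86", sample_runner)
    for pid, name in result["hidden"].items():
        print(f"hidden process candidate: PID {pid} ({name})")
    for cmd in result["followup_commands"]:
        print("follow-up:", " ".join(cmd))
```

The cross-view comparison is the same idea Volatility's own psxview plugin applies across several process listings; a PID that only the pool scan finds is worth a second look, not proof of a rootkit, since an exited process whose pool block has not yet been reused shows up the same way, which is why the follow-up plugins are run before any conclusion is drawn.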

Screenshots (images not reproduced here): Load RAM Image; Malware search; Malware results; *NEW* Crack SAM hashes; *NEW* Final report
Information on the project:
  • The project started in Spring 2013 and is still ongoing.
  • Comments and suggestions are appreciated.
  • If you want to be kept informed about this project, subscribe to our VOLIX Newsletter (registration required).
Members of the project team:
Current project members:
Patrick Bock
Rene Woelker
Former project members:
Steffen Logen
Current version:
SHA256: 343205d1a8a9f22415696b50d803509bb96667c362b2a561bacb8ecfb1cd6786
SHA1:   80b6f66ecb7759567933b76229c21c89542bcbfe
MD5:    8d2081441f4a41bdcccfb16ef411504c

Previous versions:
SHA256: 568c587e5e80e91e64f6171a80bc9ed919c71ee8a90ea5be8be8c509170c570a
SHA1:   34b08e56f347dbb372e73b1332f870d46debfc5e
MD5:    831f69ad71d32cc522e3d792e481c7e7

SHA256: 104f60d27e56f02e268a1929383388d7c8896b77a3cf02ae4f557fb081a55617
SHA1:   d4f881cddbc5515aa9cde20de367791b1738bc69
MD5:    60db58eccc5052ebbd66a5e2972021b5
Manual (German)
Material from ARES 2012:
© FH Aachen (2011-2014)

Source: http://www.it-forensik.fh-aachen.de/projekte/volix/13
