GVol is a lightweight GUI application written in Java that automates the use of the Volatility toolkit for malware analysis. The application ships with a database of Volatility plugins and their predefined options. Users can also create batch files to run multiple plugins at once against a memory image, and GVol includes pre-configured batch files that simplify the malware analysis workflow. Finally, users can compare the Volatility output for two images.
GVol Features
- GVol automates the use of Volatility through a graphical user interface.
- It works with any Volatility version.
- GVol includes a set of predefined profiles for Windows operating systems; the user can also add new profiles for other operating systems.
- The user can select plugins and related options from the existing database, or add new plugins and options.
- GVol has a batch file feature to run multiple plugins. The user can also set options for each plugin in the batch file through a graphical wizard.
- GVol contains plugin descriptions and malware analysis hints gathered from "The Art of Memory Forensics" book and the "Volatility Command Reference", which can be downloaded from this link: https://code.google.com/p/wiki/CommandReference23
- GVol has a console output section that shows the command running in the background and the output it generates. The user can choose to write this output to a file. The output file name is a concatenation of the image name, the batch file name (if one was used) and the plugin name.
- GVol now has a comparison feature: the user can compare the outputs of a plugin or a batch file for two images and detect added or deleted lines.
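The batch, output-file naming and comparison features above can be reproduced outside the GUI. The following is an added example written for this page; it is not GVol's code. It is in Python because Volatility itself is invoked as `python vol.py`. The one-plugin-per-line batch format, the underscore-joined file name layout, and the `pslist` output for the two images are assumptions constructed for the example; a fake runner stands in for Volatility so the script runs offline.

```python
"""Batch runner and output comparer in the spirit of GVol (added example, not GVol code)."""
import shlex
import subprocess
import tempfile
from pathlib import Path


def build_command(vol_cmd, image, profile, plugin, options=()):
    """Assemble argv for one plugin run.  Passing an argument list (never shell=True)
    keeps user-supplied option values from being interpreted by a shell."""
    return [*shlex.split(vol_cmd), "-f", str(image), f"--profile={profile}", plugin, *options]


def output_path(out_dir, image, plugin, batch=None):
    """Output file name: image name, batch file name (if used) and plugin name, joined by '_'
    (the separator is this example's choice)."""
    parts = [Path(image).stem] + ([Path(batch).stem] if batch else []) + [plugin]
    return Path(out_dir) / ("_".join(parts) + ".txt")


def parse_batch(text):
    """Parse a batch file: one plugin per line followed by its options; '#' starts a comment.
    This line format is an assumption of the example, not GVol's batch format."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            plugin, *opts = shlex.split(line)
            entries.append((plugin, opts))
    return entries


def run_volatility(argv):
    """Default runner: execute Volatility and return its stdout."""
    return subprocess.run(argv, capture_output=True, text=True, check=False).stdout


def run_batch(vol_cmd, image, profile, batch_text, out_dir, batch_name=None, runner=run_volatility):
    """Run every plugin in the batch against one image, write each output to its own file
    and return {plugin: Path}.  'runner' is injectable so the example can run without Volatility."""
    results = {}
    for plugin, opts in parse_batch(batch_text):
        out = runner(build_command(vol_cmd, image, profile, plugin, opts))
        path = output_path(out_dir, image, plugin, batch_name)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(out)
        results[plugin] = path
    return results


def compare_outputs(text_a, text_b):
    """Lines present in b but not in a (added) and in a but not in b (deleted), order kept."""
    a_lines, b_lines = text_a.splitlines(), text_b.splitlines()
    a_set, b_set = set(a_lines), set(b_lines)
    added = [line for line in b_lines if line not in a_set]
    deleted = [line for line in a_lines if line not in b_set]
    return added, deleted


# Constructed pslist output for a "clean" and a "suspect" image (not real data).
CLEAN_PSLIST = """Offset(V)  Name      PID  PPID
0x84b5a030 System    4    0
0x85c3b8f8 smss.exe  256  4
0x86a1d5a0 csrss.exe 332  324
"""
SUSPECT_PSLIST = CLEAN_PSLIST + "0x87e9c020 svch0st.exe 1432 332\n"

BATCH = """# constructed batch file: plugin name followed by its options
pslist
dlllist --pid=1432
"""


def demo(out_dir=None):
    """Run the batch against both images with a fake runner and compare the pslist outputs."""
    out_dir = out_dir or tempfile.mkdtemp(prefix="gvol_example_")
    fake = {"clean.raw": CLEAN_PSLIST, "suspect.raw": SUSPECT_PSLIST}

    def runner(argv):  # argv layout comes from build_command: ... -f <image> --profile=<p> <plugin>
        image, plugin = argv[argv.index("-f") + 1], argv[argv.index("-f") + 3]
        return fake[Path(image).name] if plugin == "pslist" else "(constructed dlllist output)\n"

    clean = run_batch("python vol.py", "clean.raw", "Win7SP1x86", BATCH, out_dir, "triage", runner)
    suspect = run_batch("python vol.py", "suspect.raw", "Win7SP1x86", BATCH, out_dir, "triage", runner)
    return compare_outputs(clean["pslist"].read_text(), suspect["pslist"].read_text())


if __name__ == "__main__":
    added, deleted = demo()
    print("added lines:", added)
    print("deleted lines:", deleted)
```

Replacing the fake runner with the default `run_volatility` runs the real tool; the only security-relevant design choice is that the command is built as an argument list rather than a shell string, so plugin options taken from a batch file cannot inject extra shell commands.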
After building the project, the target jar file is placed under the dist directory.
Running
```
java -jar GVol.jar
```
Configuration
Download the latest version from the releases page. You need the Java Runtime Environment to run GVol. Run the file GVol.jar.
The first time you run GVol, you have to tell it how to run Volatility:
1- Menu bar > Configuration > Cmd & profiles
2- Enter the command used to run Volatility on your system, such as "python vol.py", or the path to the standalone executable if you use one.
For more details about the tool and how to use it, read the user guide.