<h1 align="center">
<img src="https://github.com/k1nd0ne/VolWeb/assets/27780432/2c4cec14-b73c-4264-9936-215ca23a55d8" width="400" height="200" alt="VolWeb">
</h1>
# Introduction
VolWeb is a digital forensic memory analysis platform that leverages the power of the Volatility 3 framework.
It is dedicated to aiding in investigations and incident responses.
## Objectives
The goal of VolWeb is to enhance the efficiency of memory collection and forensic analysis by providing a centralized, visual, and enhanced web application for incident responders and digital forensics investigators.
Once an investigator obtains a memory image from a Linux or Windows system (Mac coming soon), the evidence can be uploaded to VolWeb, which triggers automatic processing and extraction of artifacts using the power of the Volatility 3 framework.
By utilizing hybrid storage technologies, VolWeb also enables incident responders to directly upload memory images into the VolWeb platform from various locations using dedicated scripts interfaced with the platform and maintained by the community.
Another goal is to allow users to compile technical information, such as Indicators, which can later be imported into modern CTI platforms like OpenCTI, thereby connecting your incident response and CTI teams after your investigation.
# Project Documentation and Getting Started Guide
The project documentation is available on the <a href="https://github.com/k1nd0ne/VolWeb/wiki/VolWeb-Documentation">Wiki</a>.
There, you will be able to deploy the tool in your investigation environment or lab.
>[!IMPORTANT]
> Take time to read the documentation in order to avoid common misconfiguration issues.
# Analysis features
A quick disclaimer: VolWeb is meant to be used in conjunction with the volatility3 framework CLI.
It offers a different way to review and investigate some of the results and will not do all of the deep-dive analysis work for you.
## Hybrid storage solution
Your evidence is uploaded to the VolWeb platform and, by default, analysed from the local filesystem for the best performance. You can also bind evidence stored in a cloud storage solution (AWS S3/MinIO) to your cases in order to perform the analysis directly from the cloud.
## Investigate
The investigate feature is one of the core features of VolWeb.
It provides an overview of the available artefacts that were retrieved by the custom volatility3 engine in the backend.
If available, you can visualize the process tree, get basic information about each process, dump them, etc.
You also get an enhanced view of all of the plugin results, grouped by category.
<img width="1728" alt="image" src="https://github.com/user-attachments/assets/ecdc3ba5-e3e1-48b9-9e82-3d8bba1649ae">
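The process tree shown on the investigate page is rebuilt from the flat parent/child list a memory image yields. As an added illustration (not VolWeb's own code), the following rebuilds such a tree from rows shaped like the JSON output of Volatility 3's `windows.pslist` plugin (an assumption about the column names; the rows themselves are constructed) and flags processes whose parent is no longer present in the image:

```python
# Added example (not VolWeb code): rebuild a process tree from the flat list
# that Volatility 3's windows.pslist plugin prints with `-r json`, and flag
# processes whose parent is missing from the image (an analyst's first check).
from collections import defaultdict

# Constructed sample rows in the shape of `vol -r json windows.pslist`
# output (only the columns this example needs are included).
PSLIST = [
    {"PID": 4, "PPID": 0, "ImageFileName": "System"},
    {"PID": 420, "PPID": 4, "ImageFileName": "smss.exe"},
    {"PID": 612, "PPID": 420, "ImageFileName": "csrss.exe"},
    {"PID": 700, "PPID": 600, "ImageFileName": "wininit.exe"},  # parent exited
    {"PID": 1204, "PPID": 700, "ImageFileName": "services.exe"},
    {"PID": 3120, "PPID": 1204, "ImageFileName": "svchost.exe"},
]


def build_tree(rows):
    """Return (children, roots, orphans) for a pslist-style row list."""
    by_pid = {r["PID"]: r for r in rows}
    children = defaultdict(list)
    roots, orphans = [], []
    for r in rows:
        ppid = r["PPID"]
        if ppid == r["PID"] or ppid not in by_pid:
            # No live parent: a true root (PPID 0) or an orphan whose parent
            # has exited; orphans deserve a closer look during triage.
            (roots if ppid == 0 else orphans).append(r["PID"])
        else:
            children[ppid].append(r["PID"])
    return children, roots, orphans


def render(rows):
    """Produce indented text lines, one per process, in tree order."""
    by_pid = {r["PID"]: r for r in rows}
    children, roots, orphans = build_tree(rows)
    lines = []

    def walk(pid, depth):
        tag = f" [orphan, PPID {by_pid[pid]['PPID']}]" if pid in orphans else ""
        lines.append("  " * depth + f"{by_pid[pid]['ImageFileName']} ({pid}){tag}")
        for child in sorted(children[pid]):
            walk(child, depth + 1)

    for pid in sorted(roots) + sorted(orphans):
        walk(pid, 0)
    return lines


if __name__ == "__main__":
    print("\n".join(render(PSLIST)))
```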
## Explore
« _Defenders think in lists. Attackers think in graphs. As long as this is true, attackers win._ »
The explore feature comes with VolWeb 3.0 for Windows investigations (coming soon for Linux).
It enables the memory forensics expert to investigate potentially suspicious processes in a graph view, offering another way to look at the data while correlating the volatility3 plugin results to get more context.
<img width="1728" alt="image" src="https://github.com/user-attachments/assets/e77e5c07-4ff7-4bdb-9eb4-d8880e0a0107">
## Capitalize and share STIX V2 Indicators
When the expert finds malicious activity, VolWeb gives you the possibility to create STIX V2 Indicators directly from the interface and centralize them in your case.
Once your case is closed, you can generate your STIX bundle and share your Indicators with your community using CTI platforms like MISP or OpenCTI.
<img width="1728" alt="image" src="https://github.com/user-attachments/assets/5e4015ff-5eeb-495b-bfe0-7fd3bcdfe43c">
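To show what such a bundle looks like on the wire, here is an added example (not VolWeb's own code) that builds STIX 2.1 Indicator objects and a Bundle with only the standard library, in the form MISP and OpenCTI import; the findings and hash/IP values are constructed placeholders.

```python
# Added example (not VolWeb code): hand-build STIX 2.1 Indicator objects and
# a Bundle with only the standard library, in the form MISP/OpenCTI import.
import json
import re
import uuid
from datetime import datetime, timezone


def _now():
    # STIX 2.1 timestamps are RFC 3339 in UTC with millisecond precision.
    return datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"


def make_indicator(name, pattern, description=""):
    """Build a STIX 2.1 Indicator; `pattern` must be a bracketed STIX pattern."""
    if not re.fullmatch(r"\[.+\]", pattern):
        raise ValueError(f"not a STIX pattern: {pattern!r}")
    ts = _now()
    return {
        "type": "indicator",
        "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid4()}",  # required id form: type--UUIDv4
        "created": ts,
        "modified": ts,
        "name": name,
        "description": description,
        "pattern": pattern,
        "pattern_type": "stix",
        "valid_from": ts,
    }


def make_bundle(objects):
    """Wrap STIX objects in a Bundle, the unit CTI platforms exchange."""
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": list(objects)}


# Constructed sample findings (placeholder values, not real IoCs).
FINDINGS = [
    ("Injected binary seen in memory dump", "[file:hashes.'SHA-256' = '" + "00" * 32 + "']"),
    ("Contact to a documentation-range address seen in netscan", "[ipv4-addr:value = '203.0.113.10']"),
]


def build_case_bundle(findings=FINDINGS):
    return make_bundle(make_indicator(n, p) for n, p in findings)


if __name__ == "__main__":
    print(json.dumps(build_case_bundle(), indent=2))
```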
## Interacting with the REST API
VolWeb exposes a REST API to allow analysts to interact with the platform. A Swagger page is available on the platform in order to get the full documentation.
There is a dedicated repository proposing some scripts maintained by the community: https://github.com/forensicxlab/VolWeb-Scripts .
<img width="1728" alt="image" src="https://github.com/user-attachments/assets/84578c55-bba3-4695-b25e-bdb4e25c60bb">
## Administration
VolWeb uses Django in the backend. Manage your users and database directly from the admin panel.
<img width="1718" alt="image" src="https://github.com/user-attachments/assets/ded4d50e-23ee-4154-bc22-0ddb76678495">
# Issues & Feature requests
If you have encountered a bug, or wish to propose a feature, please feel free to create a [discussion](https://github.com/k1nd0ne/VolWeb/discussions) to enable us to address it quickly. Please provide logs for any issues you are facing.
# Contributing
VolWeb is open to contributions. Follow the contributing guideline in the documentation to propose features.
# Contact
Contact me at [email protected] for any questions regarding this tool.
# Next Release Goals
Check out the [roadmap](https://github.com/users/k1nd0ne/projects/2)
Check out the [discussions](https://github.com/k1nd0ne/VolWeb/discussions)