Releases: k1nd0ne/VolWeb

VolWeb v3.0.0

27 Nov 22:47
41685cb

  • Dedicated frontend using a modern React UI
  • Volatility3 engine upgrade, including the new plugins from volatility3 2.8.0
  • Hybrid storage (filesystem or cloud storage) for better engine performance
  • Bugfixes
  • Better engine
  • Backend rework
  • New "Explore" graph feature
  • Swagger API documentation
  • Better Docker integration
  • Much more :D

This is a major release; you will need to migrate from VolWeb 2.1 to VolWeb 3.0.

Happy hunting!

VolWeb 2.1.1

07 Jun 10:12

New features

  • Bind existing evidence from any location (AWS/MinIO)
  • Bump to Volatility3 2.7.0
  • Server-side processing for timeline filtering (Windows only)

New plugin integration:

  • windows.iat
  • windows.driverirp
  • windows.thrdscan
  • linux.library_list

Bugfix

  • #12 Filedump: multiple tasks were launched, and a false positive was reported when the dump failed for the data section.
  • #14 Issue with the psycopg2 v2.9.3 requirement when installing with pip3 on Windows.

Next release goals

  • Increase code reliability
  • Increase code maintainability
  • Reduce code duplications
  • Include unit tests
  • Implement GitHub Actions
  • Include more plugins
  • Implement ideas from the discussions with the community
  • Create a start page, shown when VolWeb is first launched, to verify access to the storage and/or configure it from there.

Others

  • Updated documentation.
  • Discussions created.

VolWeb 2.0

25 Mar 21:45

Release Notes - VolWeb 2.0

We are thrilled to announce the release of VolWeb 2.0. This new version introduces a large number of enhancements, offering improved flexibility and scalability for digital forensic investigations.

Key Features:

  1. Cloud Storage Analysis: Following our latest Volatility3 Framework contributions, the memory forensics capability has been extended to analyze memory images held on remote cloud storage, such as S3.

  2. Blob Storage Technology: VolWeb 2.0 leverages blob storage, enabling investigators to seamlessly gather, process, and analyze data in a centralized platform. Users also have the option to switch to the CLI version of Volatility 3 for specialized requirements.

  3. Case Management and Analysis:

    • Create cases and upload evidence to S3-compatible storage such as MinIO and AWS.
    • Automatically extract evidence from images on S3 storage using the Volatility3 engines.

  4. Enhanced User Interface: Enjoy an updated UI, visualization tools, and advanced search features for a better understanding of the machine context, aiding in the detection of malicious activities and streamlining case resolution.

  5. Incident Response Capabilities:

    • Generate STIX v2.1 compatible Indicators.
    • Export Indicators to a STIX Bundle for collaboration with CTI teams or integration with platforms like OpenCTI.

  6. REST API Integration: VolWeb features a robust REST API for automating memory collection, uploading, processing, and artifact review. Scripts in various languages are available from the community-maintained GitHub repository VolWeb-Scripts.

  7. Plugin Support: VolWeb offers a wide range of plugins that can be executed by the Volatility3 Windows and Linux engines. Users can still use the volatility3 CLI for specific cases and analyze memory images directly within the investigation bucket.

Experience the enhanced capabilities of VolWeb 2.0 and give us feedback! For more information and to get started, visit the Wiki and roadmap!

Thank you for your ongoing support and collaboration in making VolWeb 2.0 a reality!

VolWeb 1.3.2-beta

27 Aug 12:47

🛠 BugFix:
- Issue #7: mounted volume permission issues on Linux, fixed by using named volumes.
- Windows Timeliner bug where artifacts were not displayed when the user clicked on the chart.

VolWeb 1.3.0-beta

07 Jun 08:47
5200a33

❖ Features

  • Process list search bar
  • Linux Timeline

🛠 BugFix:

  • Cases and Postgres data are now host volumes.
  • Windows handles computation was causing worker timeouts.
  • Tagging issue with Windows UserAssist.

VolWeb 1.2.0-beta

23 Apr 14:25

🧬 Volatility3 2.4.1 integrations:

  • windows.drivermodule
  • windows.vadwalk
  • linux.sockstat
  • linux.envars

🛠 BugFix:

  • Big offsets could make the analysis crash.

🏇 Performance:

  • JavaScript artifact filling system optimization.
  • Timeliner graph is displayed without MFTScan for better visualization.
  • Docker services are renamed to avoid conflicts.

The string-based IOC system is disabled until the next major release (rework).

VolWeb v1.0.0-beta

29 Dec 17:51

🧬 Volatility3 2.4.0 integrations:

  • windows.devicetree
  • windows.sessions
  • windows.ldrmodules
  • linux.psaux
  • linux.mountinfo

🛠 BugFix:

  • Multiple analysis launches.
  • Better exception handling inside the Windows and Linux engines.
  • Added a quiet process_callback.
  • Missing jsonschema import.
  • Code refactoring and review.

🏇 Performance:

  • windows.handles and linux.procmaps are now computed only when the user requests them for a specific PID.
  • Timeliner dynamic artifact fetch.
  • Process artifacts dynamic fetch.

The string-based IOC system is removed until the next release (rework).

VolWeb - v4.1.0-alpha

23 Dec 23:55

  • Investigation editing.
  • Upload status.
  • Dockerfile volatility3 version fix.

VolWeb - v4.0.0-alpha

08 Oct 19:20
f8cd5b0

  • UI upgrade.
  • dlllist and handles Windows plugin integration.
  • Linux and Windows Markdown report.
  • Linux and Windows tagging system.
  • VirusTotal integrated file hash check.
  • Minor bug fixes.
  • Process dump and file dump download fix.

VolWeb v3.1.0-alpha

01 Jul 16:41

Conception and bug fixes:

  • String-based IOC and symbol editing is done in a better way.
  • A CacheDump database injection bug was preventing the analysis from finishing.