Advanced memory forensics and malware analysis toolkit with a modern web-based dashboard
- Modern Web Dashboard: Beautiful, responsive interface built with Bootstrap 5
- Volatility3 Integration: Advanced memory forensics analysis
- YARA Scanner: Pattern-based malware detection with 491+ rules
- Real-time Statistics: Live updates of reports, rules, and scan status
- File Management: View, download, and analyze generated reports
- Responsive Design: Works on desktop, tablet, and mobile devices
- Professional UI: Gradient backgrounds, animations, and modern UX
- Python 3.7 or higher
- Windows 10/11 (for Windows-specific memory analysis)
- Administrator privileges (for some Volatility operations)
- Git (for cloning the repository)
- Clone the Repository:
  ```bash
  git clone https://github.com/aryanxsh/memory-forensics-dashboard.git
  cd memory-forensics-dashboard
  ```
- Install Dependencies:
  ```bash
  pip install -r requirements.txt
  ```
- Start the Dashboard:
  ```bash
  python app.py
  ```
- Access the Dashboard: Open your browser and navigate to:
  http://localhost:5000
```text
memory-forensics-dashboard/
├── app.py                  # Main Flask application
├── requirements.txt        # Python dependencies
├── README.md               # This file
├── .gitignore              # Git ignore rules
├── static/                 # Static files and outputs
│   ├── css/                # Custom CSS styles
│   ├── js/                 # JavaScript functionality
│   ├── volatility_output/  # Volatility analysis results
│   └── yara_output/        # YARA scan results
├── templates/              # HTML templates
│   ├── index.html          # Main dashboard
│   └── files.html          # File listing page
├── scripts/                # Analysis scripts
│   ├── volatility_gui.py   # Volatility GUI
│   ├── yara_scanner.py     # YARA Scanner GUI
│   └── rules/              # YARA rule collection (491+ rules)
├── start.bat               # Windows startup script
├── start.sh                # Linux/Mac startup script
└── volatility3/            # Volatility3 framework
```
The dashboard provides:
- Quick Stats: Real-time counts of reports, YARA rules, and threats
- Analysis Tools: Easy access to Volatility and YARA scanners
- Reports Section: View and manage generated analysis files
- Recent Activity: Track system operations and tool status
- Click "Launch Volatility GUI" from the dashboard
- Select your memory dump file (.dmp, .raw, .img, .vmem)
- Choose analysis plugins (processes, network, registry, etc.)
- Review generated reports in the "Volatility Reports" section
Available Plugins:
- windows.pslist - Process listing
- windows.pstree - Process tree
- windows.dlllist - DLL listing
- windows.filescan - File scanning
- windows.registry.hivelist - Registry analysis
- windows.malfind - Malware detection
- And many more...
- Click "Launch YARA Scanner" from the dashboard
- Select target files or directories
- Choose YARA rule sets (APT groups, malware families, etc.)
- Review scan results in the "YARA Scan Logs" section
YARA Rule Categories:
- APT Groups: Advanced Persistent Threat detection
- Malware Families: Known malware signatures
- Exploit Kits: Common exploit frameworks
- Ransomware: Various ransomware families
- RATs: Remote Access Trojans
- Webshells: Web-based backdoors
- Volatility Reports: Memory analysis artifacts, process lists, network connections
- YARA Logs: Malware detection results, threat classifications
- File Downloads: Download reports for external analysis
- In-browser Viewing: Text-based reports display directly in browser
The project includes an extensive collection of 491+ YARA rules:
- APT Groups: Advanced Persistent Threat detection rules
- Malware Families: Known malware family signatures
- Exploit Kits: Detection for common exploit frameworks
- Ransomware: Various ransomware detection patterns
- RATs: Remote Access Trojan signatures
- Webshells: Web-based backdoor detection
- static/volatility_output/: Volatility analysis results
- static/yara_output/: YARA scan logs and reports
The dashboard provides several API endpoints:
- GET /api/stats: Get real-time statistics
- GET /api/tool-status: Check tool availability
- GET /api/recent-activity: Get recent system activities
- POST /run-volatility: Launch Volatility GUI
- POST /run-yara: Launch YARA Scanner
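The two features above that touch the filesystem, the /api/stats counts and the view/download of report files, are shown below as plain functions. This is an added example, not code from the repository: it assumes the directory layout from the project tree above, treats every file in the two output directories as a report, counts rules by looking for `rule <name>` declarations in scripts/rules, and uses a constructed one-hit-per-line YARA log format. The path check in resolve_report_path is the one a download route needs so that a request for a name such as "../../app.py" cannot reach outside the output directories.

```python
"""Added example (not the project's own code): the logic behind the
dashboard's /api/stats endpoint and its report view/download feature,
written as plain functions so they can be exercised without Flask."""
import re
import tempfile
from pathlib import Path
from typing import Dict, Optional

# Layout assumed from the README's project tree.
REPORT_DIRS = {"volatility": "static/volatility_output", "yara": "static/yara_output"}
RULES_DIR = "scripts/rules"
# Only text-like report types are served to the browser.
ALLOWED_REPORT_SUFFIXES = {".txt", ".log", ".json", ".csv"}

# Matches "rule X", "private rule X" or "global private rule X" at line start.
RULE_DECL = re.compile(r"^\s*(?:(?:private|global)\s+)*rule\s+([A-Za-z_]\w*)", re.M)


def count_yara_rules(rules_dir: Path) -> int:
    """Count rule declarations across every .yar/.yara file under rules_dir."""
    total = 0
    for path in rules_dir.rglob("*"):
        if path.is_file() and path.suffix.lower() in {".yar", ".yara"}:
            total += len(RULE_DECL.findall(path.read_text(errors="replace")))
    return total


def count_threats(yara_output: Path) -> int:
    """Count hit lines in YARA scan logs. Assumed (constructed) log format:
    one '<rule_name> <matched_file>' line per hit, '#' lines are comments."""
    hits = 0
    for log in yara_output.glob("*.log"):
        for line in log.read_text(errors="replace").splitlines():
            if line.strip() and not line.startswith("#"):
                hits += 1
    return hits


def compute_stats(root: Path) -> Dict[str, int]:
    """What /api/stats would return: counts of reports, rules and threats."""
    reports = 0
    for rel in REPORT_DIRS.values():
        d = root / rel
        if d.is_dir():
            reports += sum(1 for p in d.iterdir() if p.is_file())
    return {
        "reports": reports,
        "yara_rules": count_yara_rules(root / RULES_DIR),
        "threats": count_threats(root / REPORT_DIRS["yara"]),
    }


def resolve_report_path(root: Path, category: str, filename: str) -> Optional[Path]:
    """Map a client-supplied (category, filename) onto a file inside the
    matching output directory. Returns None when the request names an
    unknown category, escapes the directory, or is not a report type."""
    rel = REPORT_DIRS.get(category)
    if rel is None:
        return None
    base = (root / rel).resolve()
    candidate = (base / filename).resolve()
    # resolve() collapses '..' and symlinks; the result must still sit under base.
    if base not in candidate.parents:
        return None
    if candidate.suffix.lower() not in ALLOWED_REPORT_SUFFIXES or not candidate.is_file():
        return None
    return candidate


def build_sample_tree() -> Path:
    """Constructed miniature project layout in a temp dir, for a dry run."""
    root = Path(tempfile.mkdtemp(prefix="mfd-"))
    for rel in list(REPORT_DIRS.values()) + [RULES_DIR]:
        (root / rel).mkdir(parents=True)
    (root / "static/volatility_output/pslist.txt").write_text("PID PPID ImageFileName\n4 0 System\n")
    (root / "static/volatility_output/netscan.csv").write_text("Proto,LocalAddr,State\n")
    (root / "static/yara_output/scan1.log").write_text(
        "# constructed sample log\nSuspicious_Webshell sample.php\nGeneric_RAT dropper.exe\n")
    (root / "scripts/rules/demo.yar").write_text(
        'rule Suspicious_Webshell { strings: $a = "eval(" condition: $a }\n'
        "private rule Generic_RAT { condition: true }\n"
        "global rule Demo_Scope { condition: true }\n")
    (root / "secret.txt").write_text("not a report\n")  # outside the output dirs
    return root


if __name__ == "__main__":
    r = build_sample_tree()
    print(compute_stats(r))
    print(resolve_report_path(r, "volatility", "pslist.txt"))
    print(resolve_report_path(r, "volatility", "../../secret.txt"))  # None
```

A Flask route would call resolve_report_path with the URL parameters and answer 404 on None; because the check is done on the resolved absolute path rather than on the string, encoded separators and symlinks inside the output directory are handled the same way as a plain "..".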
The dashboard uses Bootstrap 5 with custom CSS. Key styling classes:
- .hero-section: Main header with gradient background
- .tool-card: Analysis tool cards with hover effects
- .stats-card: Statistics cards with gradient backgrounds
- .file-card: File listing cards
- Create your tool script in the scripts/ directory
- Add a new route in app.py
- Update the dashboard template to include your tool
- Add appropriate styling and icons
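The routes that launch tools (POST /run-volatility, POST /run-yara, and any route added by the steps above) take client input and turn it into a process. The block below is an added example, not the project's own app.py, of the validation such a route should do before starting anything: a fixed registry of launchable scripts, an allowlist built from the plugins listed in the Volatility section, a dump-file extension check, and argv built as a list so no shell is involved. It assumes volatility3 is invoked as `python volatility3/vol.py -f <dump> <plugin>`; the real scripts/volatility_gui.py may drive it differently, and the environment-free demo layout it builds is constructed.

```python
"""Added example (not the project's own code): request validation for the
tool-launching routes, as plain functions that need no Flask to test."""
import sys
import tempfile
from datetime import datetime
from pathlib import Path
from typing import Dict, List, Optional

# Tool registry: adding a tool means a script under scripts/ plus one entry
# here, so a route only ever starts a known script, never a client path.
TOOLS: Dict[str, str] = {
    "volatility": "scripts/volatility_gui.py",
    "yara": "scripts/yara_scanner.py",
}

# Plugins named in the README; anything else is refused.
ALLOWED_PLUGINS = {
    "windows.pslist", "windows.pstree", "windows.dlllist",
    "windows.filescan", "windows.registry.hivelist", "windows.malfind",
}
DUMP_SUFFIXES = {".dmp", ".raw", ".img", ".vmem"}


class InvalidRequest(ValueError):
    """Client error: the route answers HTTP 400 and launches nothing."""


class ToolNotFound(RuntimeError):
    """Server-side setup error, e.g. the volatility3 directory is missing."""


def launch_tool_argv(root: Path, tool: str) -> List[str]:
    """argv for POST /run-<tool>: only registered tools can be started."""
    script = TOOLS.get(tool)
    if script is None:
        raise InvalidRequest(f"unknown tool: {tool!r}")
    path = root / script
    if not path.is_file():
        raise ToolNotFound(f"script missing: {path}")
    return [sys.executable, str(path)]


def build_volatility_argv(root: Path, dump_path: str, plugin: str) -> List[str]:
    """argv to run one plugin against one dump, after validating both."""
    if plugin not in ALLOWED_PLUGINS:
        raise InvalidRequest(f"plugin not permitted: {plugin!r}")
    dump = Path(dump_path)
    if dump.suffix.lower() not in DUMP_SUFFIXES:
        raise InvalidRequest(f"unsupported dump type: {dump.suffix!r}")
    if not dump.is_file():
        raise InvalidRequest(f"dump not found: {dump_path}")
    vol = root / "volatility3" / "vol.py"  # assumed entry point
    if not vol.is_file():
        raise ToolNotFound("volatility3/vol.py not found; is the volatility3 directory present?")
    # List form is handed to subprocess.run(argv) without a shell, so a dump
    # named 'a;b.raw' is one filename rather than two commands.
    return [sys.executable, str(vol), "-f", str(dump), plugin]


def output_path_for(root: Path, plugin: str, when: Optional[datetime] = None) -> Path:
    """Report filename derived only from the validated plugin name and a timestamp,
    so the client never chooses where under static/ a report is written."""
    if plugin not in ALLOWED_PLUGINS:
        raise InvalidRequest(f"plugin not permitted: {plugin!r}")
    stamp = (when or datetime.now()).strftime("%Y%m%d-%H%M%S")
    return root / "static" / "volatility_output" / f"{plugin}-{stamp}.txt"


def make_demo_layout() -> Path:
    """Constructed skeleton of the project tree (stub files) for a dry run.
    Only the volatility script is created, so the yara entry stays missing."""
    root = Path(tempfile.mkdtemp(prefix="mfd-"))
    for rel in ("scripts", "volatility3", "static/volatility_output", "dumps"):
        (root / rel).mkdir(parents=True)
    (root / "scripts/volatility_gui.py").write_text("# stub\n")
    (root / "volatility3/vol.py").write_text("# stub\n")
    (root / "dumps/demo.raw").write_bytes(b"\x00" * 16)
    return root


if __name__ == "__main__":
    r = make_demo_layout()
    print(build_volatility_argv(r, str(r / "dumps/demo.raw"), "windows.pslist"))
    for bad in ("windows.pslist; whoami", "../../etc/passwd"):
        try:
            build_volatility_argv(r, str(r / "dumps/demo.raw"), bad)
        except InvalidRequest as exc:
            print("rejected:", exc)
```

In the route, InvalidRequest maps to a 400 response and ToolNotFound to a 500 with the message from the troubleshooting section; the subprocess itself should be started with a timeout and its stdout written to the path from output_path_for.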
- File Permissions: Ensure proper file permissions for output directories
- Network Access: The dashboard runs on 0.0.0.0:5000 by default
- Administrator Rights: Some Volatility operations require elevated privileges
- Memory Dumps: Handle sensitive memory dumps with appropriate security measures
- YARA Rules: Keep rules updated for latest threat detection
- Port Already in Use:
  ```python
  # Change port in app.py
  app.run(debug=True, host='0.0.0.0', port=5001)
  ```
- Missing Dependencies:
  ```bash
  pip install -r requirements.txt
  ```
- Permission Errors:
  - Run as Administrator for Windows memory analysis
  - Check file permissions for output directories
- Volatility Not Found:
  - Ensure volatility3 directory is present
  - Check Python path and dependencies
- YARA Rules Not Loading:
  - Verify scripts/rules directory exists
  - Check for syntax errors in YARA files

Enable debug mode for detailed error messages:
```python
app.run(debug=True, host='0.0.0.0', port=5000)
```

- Large Memory Dumps: Use appropriate Volatility plugins for large files
- YARA Rules: Optimize rule sets for your specific use case
- Output Management: Regularly clean up old reports
- Resource Monitoring: Monitor system resources during analysis
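The app.run(...) line used in the troubleshooting steps combines debug=True with host='0.0.0.0'. Since memory dumps often contain credentials and other sensitive data (see the security considerations above), it is worth being explicit about what those two settings expose. The block below is an added example, not code from app.py: it keeps the README's settings as a dict for comparison, shows an environment-driven alternative that defaults to loopback with the debugger off, and lists the findings a startup script could print before calling app.run(). The MFD_* variable names are invented for this example.

```python
"""Added example (not the project's own code): the README's app.run()
settings beside a safer default, plus a pre-start exposure check."""
import os
from typing import Dict, List, Mapping

# The README's troubleshooting snippet as keyword arguments. debug=True turns
# on Werkzeug's interactive debugger and the auto-reloader; host='0.0.0.0'
# accepts connections on every interface. Together they expose an in-browser
# Python console to anyone who can reach port 5000.
README_RUN_KWARGS: Dict[str, object] = {"debug": True, "host": "0.0.0.0", "port": 5000}

ALL_INTERFACES = ("0.0.0.0", "::")


def run_kwargs_from_env(env: Mapping[str, str]) -> Dict[str, object]:
    """Defaults for an analyst workstation: loopback only, debugger off.
    Both can be relaxed explicitly; the port is validated rather than
    passed through as a string. Variable names are assumptions."""
    debug = env.get("MFD_DEBUG", "0") == "1"
    host = env.get("MFD_HOST", "127.0.0.1")
    try:
        port = int(env.get("MFD_PORT", "5000"))
    except ValueError as exc:
        raise ValueError("MFD_PORT must be an integer") from exc
    if not 1 <= port <= 65535:
        raise ValueError("MFD_PORT out of range")
    return {"debug": debug, "host": host, "port": port}


def exposure_warnings(kwargs: Mapping[str, object]) -> List[str]:
    """Findings a start script could print before app.run(**kwargs)."""
    findings = []
    on_all = kwargs.get("host") in ALL_INTERFACES
    if on_all:
        findings.append("listening on all interfaces: every host on the network can reach the dashboard")
    if kwargs.get("debug"):
        findings.append("Flask debug mode is on: the Werkzeug debugger allows code execution from the browser")
    if on_all and kwargs.get("debug"):
        findings.append("debugger reachable over the network: bind to 127.0.0.1 or put a reverse proxy with authentication in front")
    return findings


if __name__ == "__main__":
    for line in exposure_warnings(README_RUN_KWARGS):
        print("WARNING:", line)
    print(run_kwargs_from_env(os.environ))
```

With this in place the "Port Already in Use" fix becomes `MFD_PORT=5001 python app.py` instead of editing app.py, and detailed error pages are enabled only when MFD_DEBUG=1 is set deliberately on a loopback-bound instance.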
Windows:
```bat
# Start with batch file
start.bat
# Or manually
python app.py
```
Linux/Mac:
```bash
# Start with shell script
./start.sh
# Or manually
python3 app.py
```
- Fork the repository
- Create a feature branch (git checkout -b feature/amazing-feature)
- Make your changes
- Test thoroughly
- Commit your changes (git commit -m 'Add amazing feature')
- Push to the branch (git push origin feature/amazing-feature)
- Open a Pull Request
- Volatility Foundation: For the Volatility3 framework
- YARA Project: For the pattern matching engine
- Bootstrap Team: For the responsive CSS framework
- Font Awesome: For the icon library
- Flask Team: For the web framework
- 514 files committed
- 158,667 lines of code
- 491+ YARA rules included
- Modern web interface with Bootstrap 5
- Real-time dashboard with live statistics
🔗 Repository: https://github.com/aryanxsh/memory-forensics-dashboard