Skip to content
This repository was archived by the owner on Dec 24, 2025. It is now read-only.

dhafin5758/forensicWeb

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
backend
backend
 
 
deploy
deploy
 
 
docker
docker
 
 
docs
docs
 
 
examples
examples
 
 
frontend
frontend
 
 
.env.example
.env.example
 
 
.gitignore
.gitignore
 
 
CHANGELOG_URL_DOWNLOAD.md
CHANGELOG_URL_DOWNLOAD.md
 
 
DELIVERY_SUMMARY.md
DELIVERY_SUMMARY.md
 
 
DOCUMENTATION_INDEX.md
DOCUMENTATION_INDEX.md
 
 
FEATURE_URL_DOWNLOAD.md
FEATURE_URL_DOWNLOAD.md
 
 
FINAL_DELIVERY.md
FINAL_DELIVERY.md
 
 
QUICK_START_GUIDE.md
QUICK_START_GUIDE.md
 
 
QUICK_VPS_SETUP.md
QUICK_VPS_SETUP.md
 
 
README.md
README.md
 
 
URL_DOWNLOAD_QUICK_START.md
URL_DOWNLOAD_QUICK_START.md
 
 
VPS_DEPLOYMENT_CHECKLIST.md
VPS_DEPLOYMENT_CHECKLIST.md
 
 
VPS_DEPLOYMENT_GUIDE.md
VPS_DEPLOYMENT_GUIDE.md
 
 
docker-compose.yml
docker-compose.yml
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

Volatility 3 Memory Forensics Automation Platform

Architecture Overview

Enterprise-grade memory forensics platform built for Linux VPS deployment, featuring automated Volatility 3 analysis, artifact extraction, and web-based visualization.

System Components

Backend Stack

  • FastAPI: REST API server
  • Celery: Distributed task queue
  • Redis: Message broker and cache
  • PostgreSQL: Metadata and results storage
  • Docker: Container isolation

Forensic Tools

  • Volatility 3 (memory analysis)
  • binwalk (firmware/binary analysis)
  • exiftool (metadata extraction)

Frontend

  • React/Vue (dashboard and visualization)
  • WebSocket (real-time job updates)

Directory Structure

forensicweb/
├── backend/
│   ├── api/                    # FastAPI routes
│   ├── core/                   # Core business logic
│   ├── workers/                # Celery tasks
│   ├── models/                 # Database models
│   ├── schemas/                # Pydantic schemas
│   ├── utils/                  # Utilities
│   └── config.py               # Configuration
├── frontend/                   # Web UI
├── docker/                     # Docker configs
├── storage/                    # Data storage
│   ├── uploads/                # Memory images
│   ├── artifacts/              # Extracted files
│   ├── results/                # JSON outputs
│   └── logs/                   # Analysis logs
├── tests/                      # Test suites
└── deploy/                     # Deployment scripts

Security Model

  1. Upload Validation: Size limits, magic byte verification
  2. Process Isolation: Containerized workers
  3. Authentication: JWT-based API access
  4. Rate Limiting: Per-IP and per-user
  5. Artifact Quarantine: Sandboxed extraction zones

Deployment

# Production deployment
docker-compose up -d

# Development mode
./scripts/dev.sh

API Endpoints

  • POST /api/v1/upload - Upload memory image
  • POST /api/v1/upload/from-url - Queue download from URL (async, no size limit)
  • GET /api/v1/upload/status/{image_id} - Check download/upload status
  • POST /api/v1/jobs - Create analysis job
  • GET /api/v1/jobs/{job_id} - Job status
  • GET /api/v1/results/{job_id} - Analysis results
  • GET /api/v1/artifacts/{job_id} - List artifacts
  • GET /api/v1/download/{artifact_id} - Download artifact

Supported Volatility Plugins

  • pslist, pstree (process enumeration)
  • netscan (network connections)
  • cmdline (command line arguments)
  • malfind (code injection detection)
  • filescan, dumpfiles (file recovery)
  • handles (handle enumeration)
  • vadinfo (VAD tree analysis)

Future Extensions

  • Elasticsearch integration for full-text search
  • YARA scanning of extracted regions
  • Timeline correlation engine
  • Multi-node worker cluster
  • Automated IOC extraction
  • MITRE ATT&CK mapping

About

No description, website, or topics provided.

Resources

Readme

Security policy

Security policy
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages