Name | Modified | Size | Downloads / Week |
---|---|---|---|
PTFINDER2018.exe | 2018-10-24 | 7.3 MB | |
volatility_2.6_win64_standalone.exe | 2018-10-24 | 15.8 MB | |
ReadMe.txt | 2018-10-24 | 1.7 kB | |
Totals: 3 Items | | 23.1 MB | 44 |

Use at OWN RISK

MISSION:
This program's purpose is to speed up the initial preview of a memory capture file using Volatility. Hopefully it saves you some keystrokes.

Run the program and point it to the memory file you want to process.

Volatility's commands ImageInfo and PSList run automatically.

Batch files will be created in subdirectories of the target memory file for the following Volatility commands: procdump, vaddump, memdump (YOU HAVE TO RUN THESE .BAT FILES YOURSELF).

!!!!!!!!!!!!!!!!!!!!!!!!IMPORTANT!!!!!!!!!!!!!!!!!
volatility_2.6_win64_standalone.exe has to be in the same directory as this program to work
http://downloads.volatilityfoundation.org/releases/2.6/volatility_2.6_win64_standalone.zip

Also, to make a JPEG of processes using Volatility PSList, you need to download GRAPHVIZ and install the following in the default directory:
https://graphviz.gitlab.io/_pages/Download/windows/graphviz-2.38.msi
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Having Problems?
- Some versions of Windows 10 do not currently work with volatility_2.6_win64_standalone.exe
- If you have an error, check out your .bat files in a text editor >>> many times errors can be caused by a space in the path. For example, in the location c:\case\memory\W8\New Folder the space between New and Folder can give you a problem. I am attempting to sew together at least three different programs, so PATHs matter.
- I purposely didn't run the procdump, vaddump, memdump .bat files because of the potential space they use up. In the future I might add the ability to choose what .bat files to run.