
📦 VolWeb v3.15 July 2025 Release

k1nd0ne
Digital Forensics Spiderman

Following the parity release of the Volatility3 v2.26 framework, we updated VolWeb to add the latest plugins, fix some issues, and add some new features! Learn more about what is new in this blog post.

In this new version of VolWeb, we added some of the plugins released in the 2.26 version of Volatility3 to the VolWeb Engine for Windows and Linux memory forensics. We also added the Linux Explore features, a Kubernetes manifest example and fixed some bugs.

🔬 New Features

๐Ÿ” Explore for Linuxโ€‹

Apart from the parity release plugins included from the Volatility3 framework, the goal of VolWeb is to provide a different way to visualize data. We included the "Explore" feature for Linux memory forensics investigations.

When you click on the Explore tab, a graph is presented listing the root process nodes extracted from the process tree.

When a process is selected, its child process nodes are displayed so that the investigator can explore the graph.
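The root-then-expand view described above can be reproduced from any flat process listing. The sketch below is an added example, not VolWeb's code; it assumes rows carrying `PID`, `PPID` and `COMM` fields, and the sample rows are constructed.

```python
from collections import defaultdict

# Constructed sample rows shaped like a flat process listing (assumed field names).
SAMPLE_ROWS = [
    {"PID": 1, "PPID": 0, "COMM": "systemd"},
    {"PID": 2, "PPID": 0, "COMM": "kthreadd"},
    {"PID": 742, "PPID": 1, "COMM": "sshd"},
    {"PID": 1310, "PPID": 742, "COMM": "sshd"},
    {"PID": 1311, "PPID": 1310, "COMM": "bash"},
    {"PID": 4021, "PPID": 3999, "COMM": "worker"},  # parent 3999 is absent from the listing
]

def build_graph(rows):
    """Index rows by PID and group child PIDs under each parent present in the listing."""
    by_pid = {r["PID"]: r for r in rows}
    children = defaultdict(list)
    for r in rows:
        if r["PPID"] in by_pid and r["PPID"] != r["PID"]:
            children[r["PPID"]].append(r["PID"])
    return by_pid, children

def root_nodes(by_pid):
    """Return (pid, unresolved_parent) pairs for the first level of the graph.

    A root is any process whose parent is not in the listing. unresolved_parent
    is True when the PPID is non-zero yet cannot be found, which the analyst
    may want to review separately from the normal PPID 0 roots.
    """
    roots = []
    for pid, row in sorted(by_pid.items()):
        ppid = row["PPID"]
        if ppid not in by_pid or ppid == pid:
            roots.append((pid, ppid not in (0, pid)))
    return roots

def expand(pid, children):
    """Direct children of pid: what one click on a node would reveal."""
    return sorted(children.get(pid, []))

def descendants(pid, children):
    """Every PID below pid; the seen-set keeps it safe if smeared data forms a cycle."""
    seen, stack = set(), [pid]
    while stack:
        for child in children.get(stack.pop(), []):
            if child not in seen:
                seen.add(child)
                stack.append(child)
    return sorted(seen)
```
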

Process detailed investigation

The process details window allows the investigator to view more artifacts about the selected process by clicking on the "view more" button.

🔦 Filtering tables

We have included the MUI Toolbar for each DataGrid, allowing you to filter the table, export it, and customize its columns.

Kubernetes Manifest

As requested by some members of the community, we have added a sample Kubernetes manifest ready for production so that system administrators can deploy VolWeb in 3 simple commands. You can learn more in the Documentation.

🪢 Bug fixes

Several issues were addressed in this release:

  • MFTScan deactivation: This plugin extracts activity about Windows Master File Table updates. However, it generates a LOT of events and was slowing the analysis, making the storage of the resulting JSON object impossible on overly large datasets, and crashing the server when the Timeliner was fetched from the front-end. This amount of data was unexpected and was polluting the timeline graph, making the visualization less sharp. We also need to implement server-side processing in order to display all of the data in the DataGrid (MUI Tables). This will take some time, but it will greatly increase the performance of the application over time. Until this feature is available, we have disabled the MFTScan plugin and removed those artifacts from the Timeliner.

  • Nginx frontend misconfiguration: A bug was identified in our nginx configuration that resulted in 500 errors because of an internal rewrite redirecting to /dashboard/ instead of /.

🎯 Future releases

This release includes new functionality, but Volatility3 2.26 comes with new dumping features that we want to include in VolWeb, and we want to enhance the visualization of some artefacts like Malfind. We also want to include suspicious process recon for Linux, as is done for Windows, and fix the BigData issue faced with some plugins. Note that this project is currently done in my free time, like all of the projects on ForensicXlab, so this will depend highly on my motivation. That's why we need your contributions! Don't forget that we have a Discord server if you would like to talk directly to the community.