Volinux is a modern web-based platform for analyzing Linux memory dumps, combining powerful memory forensics capabilities with an intuitive user interface.
- Modern, responsive web interface with multilingual support (EN/FR)
- Automatic Linux kernel version and distribution detection
- Execute various Volatility3 plugins for in-depth memory forensics
- Interactive results with filtering capabilities
- Docker-based deployment for easy setup
- Bash History (linux.bash) - View command history from bash sessions
- Environment Variables (linux.envars) - Examine environment variables
- IP Addresses (linux.ip.Addr) - List network address configurations
- Network Interfaces (linux.ip.Link) - Examine network interfaces
- Boot Time Information (linux.boottime.Boottime) - View system boot time
- Files in Memory (linux.pagecache.Files) - Examine cached files
- Process List (linux.pslist.PsList) - View running processes
- React 19.1.0
- Tailwind CSS 3.3.0
- Axios for API communication
- Modern JavaScript features and responsive design
- Flask 3.0.0 (Python)
- Flask-CORS for cross-origin requests
- Volatility3 2.11.0 for memory forensics
- Gunicorn for production deployment
- Docker and Docker Compose
- Clone the repository:
      git clone https://github.com/yourusername/volinux.git
      cd volinux
- Start the application using Docker Compose:
      docker-compose up
- Access the application:
- Upload a Linux memory dump file via the web interface
- The system will automatically detect the kernel version and distribution
- Select one of the available plugins to analyze specific aspects of the memory dump
- View and filter the detailed results in a new browser tab
Abyss-W4tcher for his wonderful work on Volatility3 Symbols
Auteqia for his valuable advice
This project is licensed under the MIT License - see the LICENSE file for details.
Contributions are welcome! Please feel free to submit a Pull Request.
For questions or support, please open an issue in the GitHub repository.