Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

Web interface for the Volatility Memory Forensics Framework

Current Version: 1.6 (2017-11-16)

See what people are saying: #EvolveTool
Short video demo:
Pre-Scan video:


This requires volatility to be a library, not just an EXE file sitting somewhere. Run these commands at python shell:

Download Volatility source zip from
Inside the extracted folder run: install

Then install these dependencies:
pip install bottle
pip install yara <br/ > pip install distorm3 <br/ > pip install maxminddb <br/ >


-f File containing the RAM dump to analyze
-p Volatility profile to use during analysis (--profile may not work even though it shows as an option)
-d Optional path for output file. Default is beside memory image
-l Restrict web server from serving content outside of the local machine
-r comma separated list of plugins to run at the start

!!! WARNING: Avoid writing sqlite to NFS shares. They can lock or get corrupt. If you must, try mounting share with 'nolock' option.


  • Works with any Volatility module that provides a SQLite render method (some don't)
  • Automatically detects plugins - If volatility sees the plugin, so will eVOLve
  • All results stored in a single SQLite db stored beside the RAM dump
  • Web interface is fully AJAX using jQuery & JSON to pass requests and responses
  • Uses Bottle module in Python to provide a standalone web server
  • Option to edit SQL query to provide enhanced data views with data from multiple tables
  • Run plugins and view data from any browser - even a tablet!
  • Allow multiple people to review results of single RAM dump
  • Multiprocessing for full CPU usage
  • Pre-Scan runs a list of plugins at the start

Coming Features

  • Save custom queries for future use
  • Import/Export queries to share with others
  • Threading for more responsive interface while modules are running
  • Export/save of table data to JSON, CSV, etc
  • Review mode which requires only the generated SQLite file for better portability

Please send your ideas for features!

Release notes:
v1.0 - Initial release
v1.1 - Threading, Output folder option, removed unused imports
v1.2 - Pre-Scan option to run list of plugins at the start
v1.3 - Added Morph function and sample Morphs. Also fixed multiprocess bug in Windows.
v1.4 - Added Morph config builder and more sample Morphs. Added searchable and sortable table.
v1.5 - Added dynamic memory profile chooser.
v1.6 - Added plugin search and other optimizations.


Web interface for the Volatility Memory Forensics Framework






No packages published

Contributors 4