VolWeb meets YARA: our new extension is now open source
We are proud to announce the release of a new open-source extension for VolWeb, developed within our Cybersecurity Laboratory at the Department of Computer Science (DIB), University of Bari Aldo Moro.
This extension, the result of the graduation thesis by Marco Ferrara, integrates YARA pattern matching directly into VolWeb, the open-source web interface for Volatility 3, significantly enhancing its investigative capabilities in the field of memory forensics.
Key features
The extension introduces several powerful capabilities:
- Flexible rule management: load YARA rules from local files, GitHub repositories, or write them directly using an integrated editor with real-time validation.
- Hybrid scanning: combine single rules, multiple rulesets, or both for more precise and efficient detection.
- Optimized architecture: reduced dependencies for a lightweight and stable forensic workflow.
- Detailed output: for each match, the engine reports the rule, matching pattern, memory offset, and triggering condition.
Academic and collaborative effort
The project was carried out under the supervision of Prof. Vita Santa Barletta, with the support and collaboration of the SERLAB and SER&P teams. It exemplifies our ongoing commitment to advancing open-source tools for digital forensics and cybersecurity.
Try it and contribute
The extension is fully open source and available on GitHub:
https://github.com/imb0ru/VolWeb
We welcome contributions, feedback, and suggestions from the community; let's keep improving memory forensics together.
This is another step forward in building powerful, open, and accessible tools for digital investigators worldwide.
#VolWeb #YARA #MemoryForensics #Volatility #DigitalForensics #Cybersecurity #OpenSource #DFIR #UniBa #MntcrlLab #DIB #IncidentResponse #CyberTools