View on GitHub


A short and small memory forensics helper.

download .ZIPdownload .TGZ

Muninn - The Volatility Reporter


Muninn was built to allow an easier approach to initial memory forensics on Windows 7 and Windows XP machines. Usually, when approaching a memory analysis we start by plotting out the basics and looking for the exceptions. This usually involves a lot of commandlining for each and every data set with Volatility. Muninn will take a case number and a memory image and will try to grab the basic pieces of data we usually look for and export them into a readable txt file which will be 'nicer' to read by a human being. It does not try to lead the memory forensics from a to z but rather to help the auditor through the initial plotting. To check for updates or submit changes follow this repository at the official repository This program is licensed under GPLv3.


Clone this repository using:

git clone

Make sure you have all the dependencies installed:

sudo pip install prettytable

Make sure Volatility is installed and linked to .

sudo apt-get install subversion pcregrep libpcre++-dev python-dev build-essentia libgmp3-dev
sudo apt-get install python-pycryptopp sqlite3 libsqlite3-dev
tar xfv volatility-2.3.tar.gz
cd volatility-2.3/
sudo python install

How To

The basic command line arguments for Muninn are:

    -h, --help                           show this help message and exit
    -f FILENAME, --file=FILENAME         The path to memory image to analyse
    -c CASENUMBER, --case=CASENUMBER     Case number to use

The image location and case number are mandatory.


Basic structure of Muninn is:

The main execution file. This file just calls other imports. This file manages the flow of the application and is a bit documented. Function names and calls are simple to understand.

This manages errors in the program. It is very simple and not documented (since there is nothing to document). Every other python module in this application will call for output to the user (screen).

Will be called to write the report file. It manages the functions:

Warning! Black magic regexing here! You've been warned!

Just this readme file.


Muninn - An Automatic Initial Memory Forensics Tool Copyright (C) 2014 Yuval tisf Nativ

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see