Skip to content
/ ForenWare Public

Ansiblezed project to automate data acquisition (Memory and Disk) for VMware vSphere.

License

MIT license
4 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

sh1dow3r/ForenWare

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

46 Commits
roles
roles
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
dependicies.sh
dependicies.sh
 
 
site.yml
site.yml
 
 
vars.yml
vars.yml
 
 

Repository files navigation

ForenWare

Overview

Forenware is an ansiblezed script found to automate data acquisition (Memory and Disk) from VMware vSphere platform.

In VMware a virtual machine can have few files depending on the task performed on it:

file Description Usage
.vmem Virtual Machine volatile memory file Will be used for memory analysis
.vmss Virtual machine suspend file Will be used to extract metadata of memory
.vmdk Virtual machine storage disk file Will be used for disk analysis

How to get started

  • Make sure you have ansible and python3 installed

  • You will want to the run the script dependencies.sh

    • bash dependencies.sh

  • Edit the file vars.yml

  • Run the ansible playbook

    • ansible-playbook site.yml

Analysis

After the playbook run, you will have a new directory ForenWare_Data or whatever you set the variable to in vars.yml. Inside the ForenWare_Data folder, you will have two folder

  • Disks: You can convert the vmdk file to raw using the follwoing command:
  • Memory: You can use Volatility Framework

Demo

You can watch a demonstration of how the tools works here

About

Ansiblezed project to automate data acquisition (Memory and Disk) for VMware vSphere.

Topics

ansible esxi vcenter forenware

Resources

Readme

License

MIT license
Activity

Stars

4 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages