Volatility Workbench

by PassMark Softwarev3.0.1014

Last updated Jun 8, 2026

Volatility Workbench is a graphical user interface (GUI) for the Volatility tool.

Install with winget

$ winget install --id PassMark.VolatilityWorkbench --exact --version 3.0.1014

Run in Command Prompt, PowerShell, or Windows Terminal. Prompts for any agreements.

Built by Pckgr

For Intune admins

Stop chasing app updates. Pckgr patches them for you.

Automated application patching for Microsoft Intune. Pckgr keeps a curated library of 1,000+ apps continuously up-to-date in your tenant via Microsoft Graph - no manual repackaging, no chasing vendor sites.

Start free 30-day trial

No credit card required.

About

Volatility is a command line memory analysis and forensics tool for extracting

artifacts from memory dumps. Volatility Workbench is free, open source and runs

in Windows. It provides a number of advantages over the command line version

including,

- No need to install Python script interpreter.

- No need of remembering command line parameters.

- Storage of the platform and process list with the memory dump, in a .CFG file.

When a memory image is re-loaded, this saves a lot of time and eliminates the

need to get process list each time.

- Automatic platform detection with .CFG files

- Simpler copy & paste.

- Simpler printing of paper copies (via right click).

- Simpler saving of the dumped information to a file on disk.

- A drop down list of available commands and a short description of what the

command does.

- Time stamping of the commands executed.

- Auto-loading the first dump file found in the current folder.

- Support for analysing Mac and Linux memory dumps.

- Up to 20% increase in speed compared to interpreted version.

Installers · v3.0.1014

Architecture	Type	Scope	Install	Download
neutral	ZIP archive	-		Direct

Copy a command tailored to that specific architecture, type, and scope - useful when winget would otherwise pick a different default.

Security

3 known CVEs via NVD

high7.8Patched in wingetCVE-2020-15481affects v7.1Nov 13, 2020
An issue was discovered in PassMark BurnInTest v9.1 Build 1008, OSForensics v7.1 Build 1012, and PerformanceTest v10.0 Build 1008. The kernel driver exposes IOCTL functionality that allows low-privilege users to map arbitrary physical memory into the address space of the calling...
Vendor advisory
high8.8Fix availableCVE-2020-15480affects <=7.1Aug 7, 2020
An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The kernel driver exposes IOCTL functionality that allows low-privilege users to read and write to arbitrary Model Specific Registers (MSRs). This could lead to a...
Vendor advisory
high8.8Fix availableCVE-2020-15479affects <=7.1Aug 7, 2020
An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The driver's IOCTL request handler attempts to copy the input buffer onto the stack without checking its size and can cause a buffer overflow. This could lead to...
Vendor advisory

Source: NVD, updated 4h ago. Patch status is best-effort: NVD's fix version is compared against the latest version in winget, but the two version formats don't always align. Confirm with the vendor advisory before treating any specific build as safe.

See a CVE that affects your fleet? Push the patched version to Intune in one click with Pckgr.

Related apps

KeyboardTestPassMark Software
PassMark.KeyboardTestv4.0.1003
Test desktop and laptop computer keyboards
DiskCheckupPassMark Software
PassmarkSoftware.DiskCheckupv3.6.1001.0
SMART hard drive monitoring utility
PassMark FraggerPassMark Software
PassmarkSoftware.Fraggerv1.0
Fragment and defragment files in a controlled environment with user-selected settings. Benchmark performance of third party defrag tools!
BatteryMonPassMark Software
PassmarkSoftware.BatteryMonv2.1
Monitor the battery charge level in laptop computer and UPS's
MonitorTestPassMark Software
PassMark.MonitorTestv4.0.1002
Test monitors and LCD screens
AppTimerPassMark Software
PassMark.AppTimerv1.0.1010
Application Startup Timer

Frequently asked questions

How do I install Volatility Workbench on Windows?

Open Windows Terminal, PowerShell, or Command Prompt and run: winget install --id PassMark.VolatilityWorkbench --exact --version 3.0.1014. winget downloads the installer from PassMark Software and runs it. Requires Windows 10 (1809+) or Windows 11.

How do I install Volatility Workbench silently for unattended deployment?

Add --silent and accept the agreements upfront: winget install --id PassMark.VolatilityWorkbench --exact 3.0.1014 --silent --accept-package-agreements --accept-source-agreements. This is the variant Intune, Configuration Manager, and other deployment tools should use.

How do I uninstall Volatility Workbench via winget?

Run: winget uninstall --id PassMark.VolatilityWorkbench --exact. Add --silent for unattended uninstalls. winget will use the registered uninstaller from Volatility Workbench's Apps & Features entry.

Is Volatility Workbench free?

Volatility Workbench is distributed under Proprietary. Refer to the publisher (https://www.osforensics.com/tools/volatility-workbench.html) for the full license terms - Wingetly itself does not charge for installation.

Does Volatility Workbench work on Windows 10?

Yes, as long as your Windows 10 build supports winget (1809 or newer). winget ships with App Installer on Windows 10/11 and pulls Volatility Workbench directly from the publisher.

How do I keep Volatility Workbench up to date?

Run winget upgrade --id PassMark.VolatilityWorkbench --exact, or winget upgrade --all to update everything winget tracks. We index 1 version of Volatility Workbench from microsoft/winget-pkgs.