Manually parsing, analyzing and visualizing memory analysis is painful and time consuming.
Now you can ingest your memory analysis plugin outputs into Splunk for visualization and aggregate analysis!
The possibilities are limitless once you have your data in a central location.
This add-on can even be deployed to remote systems, with the data forwarded to an indexer or cluster!
See our GitHub for the latest fork of volatility (https://github.com/mutedmouse/volatility) and the branches of TA-volatility (https://github.com/mutedmouse/ta-volatility).
NOTE: the listprocess custom command syntax MUST match the following OR THE SEARCH WILL STALL and manual process termination will be required:
__search__ | listprocess root_process_id=integer_pid process_field=name_field ppid_field=ppid_field pid_field=pid_field
This syntax is shown in the help message when you begin entering the listprocess command in the search bar and is documented in searchbnf.conf for listprocess.
Command improvements are coming in releases 2.6.7 and above.
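As an added illustration (not code from the add-on or its documentation), the following Python walks a process tree the way a command taking listprocess's parameters would over indexed pslist records: it selects the subtree rooted at root_process_id, with the name, ppid and pid field names passed in as in the syntax above. That subtree semantics, the sample records and the tolerance for malformed rows and ppid/pid cycles are assumptions, not documented behaviour of the command.

```python
"""Process-tree walk with configurable field names (added example; assumes the
command selects the subtree rooted at root_process_id, an inference from its
parameters, and is not the TA-volatility project's own code)."""

# Constructed sample records shaped like Volatility pslist output indexed in Splunk.
SAMPLE_EVENTS = [
    {"pid": "4", "ppid": "0", "name": "System"},
    {"pid": "404", "ppid": "4", "name": "smss.exe"},
    {"pid": "512", "ppid": "404", "name": "csrss.exe"},
    {"pid": "600", "ppid": "404", "name": "wininit.exe"},
    {"pid": "700", "ppid": "600", "name": "services.exe"},
    {"pid": "900", "ppid": "700", "name": "svchost.exe"},
    {"pid": "1337", "ppid": "9999", "name": "orphan.exe"},   # parent absent from listing
    {"pid": "2000", "ppid": "2001", "name": "loopA.exe"},    # constructed ppid/pid cycle
    {"pid": "2001", "ppid": "2000", "name": "loopB.exe"},
]


def list_process_tree(events, root_process_id, process_field="name",
                      ppid_field="ppid", pid_field="pid"):
    """Return (depth, pid, name) tuples for the root and all its descendants.

    Records missing or mangling any named field are skipped, an unknown root
    raises KeyError, and a visited set stops a ppid/pid cycle from looping forever.
    """
    children, names = {}, {}
    for ev in events:
        try:
            pid, ppid = int(ev[pid_field]), int(ev[ppid_field])
            names[pid] = str(ev[process_field])
        except (KeyError, ValueError, TypeError):
            continue  # malformed record: ignore rather than abort the whole search
        children.setdefault(ppid, []).append(pid)
    if root_process_id not in names:
        raise KeyError(f"root pid {root_process_id} not present in events")
    result, seen = [], set()
    stack = [(0, root_process_id)]          # depth-first so output reads as a tree
    while stack:
        depth, pid = stack.pop()
        if pid in seen:
            continue                        # cycle or duplicate record: visit once
        seen.add(pid)
        result.append((depth, pid, names[pid]))
        for child in sorted(children.get(pid, []), reverse=True):
            stack.append((depth + 1, child))
    return result
```

Calling list_process_tree(SAMPLE_EVENTS, 4) yields the six processes under System in depth-first order; passing process_field="ImageFileName", ppid_field="PPID", pid_field="PID" adapts it to differently named extracted fields.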