Windows Subsystem for Linux (WSL) adds a lot of capability and convenience for running DFIR applications on a Windows host. Previously I wrote about how to add a SIFT/REMnux Ubuntu distribution to WSL.
Another tip I’d like to share with you is setting up separate profiles for frequently used applications.
Volatility is one of the applications I’m in frequently, whether for work or lab(work). Sure, I can open a command window and then navigate to the appropriate application path; but why not make it a one-click option.
To begin, open Windows Terminal, and go to the Settings menu.
On the bottom left choose select ‘Add a new profile.’
PowerShell (Core) is my default shell environment. I’ll select this as the profile to duplicate.
After you hit ‘Duplicate’ you’ll be presented with a copy of the profile.
Update the Name and Starting directory to reflect the application path.
You can customize the Icon and Tab title. Under the Appearance tab you can assign a custom background for the WSL profile. Be sure to click Save when you’ve made your changes.
Now when I want to open a Volatility session, it’s right there on the drop down in WSL.
If you have WSL parked on the Taskbar, you can select the new profile (or any other profile) with a right-click.
If you want to have your WSL instances in separate windows, versus the default tabbed layout, right clicking from the taskbar will open the selected session in a new window.