Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
Updated Jun 1, 2024 - C
Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
An updated fork of @bacanoicua's RAMDumpExplorer project: a program designed to analyze a RAM dump in search of potentially malicious files. It scans the dump file for specific patterns and uses regular expressions to identify and extract the matched values.
AVML - Acquire Volatile Memory for Linux
Virtual Machine Introspection (VMI) for memory forensics and machine-learning.
Workshop: Forensic Analysis of eBPF based Linux Rootkits
Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR
MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR
Dynamic unpacker based on PE-sieve
SIFT
Linux BPF plugins for Volatility3
A suite of Volatility 3 plugins for memory forensics of Docker containers
PyMem - Memory Acquisition Tool
A library to read and write LiME files/blobs in python
A course on "Digital Forensics" designed and offered in the Computer Science Department at Texas Tech University
Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.
Repository for VAC 2018 Practice on Volatility3 Framework