Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
-
Updated
Dec 14, 2024 - C
Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
Educational, CTF-styled labs for individuals interested in Memory Forensics
AVML - Acquire Volatile Memory for Linux
Dynamic unpacker based on PE-sieve
WinDBG Anti-RootKit Extension
MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR
SIFT
Data Visualization Plugin for IDA Pro
Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.
Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR
Allows you to quickly query a Windows machine for RAM artifacts
A course on "Digital Forensics" designed and offered in the Computer Science Department at Texas Tech University
Rip Raw is a small tool to analyse the memory of compromised Linux systems.
A short and small memory forensics helper.
C# Implementation of Jared Atkinson's Get-InjectedThread.ps1
A curated list of awesome malware analysis tools and resources
Volatility, on Docker 🐳
A script to assist in processing forensic RAM captures for malware triage
Add a description, image, and links to the memory-forensics topic page so that developers can more easily learn about it.
To associate your repository with the memory-forensics topic, visit your repo's landing page and select "manage topics."