memory-forensics

There are 11 repositories under memory-forensics topic.

hasherezade / pe-sieve
Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
anti-malware hooking libpeconv malware-analysis memory-forensics pe-analyzer pe-dumper pe-format pe-sieve process-analyzer scans
Language:C++ 2879
hasherezade / hollows_hunter
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
anti-malware malware-analysis malware-detection memory-forensics pe-sieve
Language:C 1874
MemLabs
stuxnet999 / MemLabs
Educational, CTF-styled labs for individuals interested in Memory Forensics
ctf ctf-challenges cybersecurity dfir digital-forensics forensics memory-forensics security windows
Language:Shell 1547
microsoft / avml
AVML - Acquire Volatile Memory for Linux
linux-security memory-forensics rust
Language:Rust 805
hasherezade / mal_unpack
Dynamic unpacker based on PE-sieve
libpeconv malware-analysis malware-unpacker memory-forensics pe-sieve
Language:C 627
swwwolf / wdbgark
WinDBG Anti-RootKit Extension
kernel-mode c-plus-plus malware malware-analysis malware-research forensic-analysis windbg windbg-extension anti-rootkit windows visual-studio driver wdbgark memory-forensics anomaly-detection user-mode sww debugging-tool swwwolf crash-dump
Language:C++ 601
teamdfir / sift
SIFT
aws cast cast-distro cli forensics issues-only memory-forensics salt-state saltstack sans sift timeline-analysis
470
evild3ad / MemProcFS-Analyzer
MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR
powershell incident-response dfir digital-forensics memprocfs memory-forensics live-response
Language:PowerShell 399
patois / IDACyber
Data Visualization Plugin for IDA Pro
ida cyber data-visualization ida-pro idapython-plugin reverse-engineering memory-hacking pixel-art color-filter memory-forensics firmware-analysis exploitation
Language:Python 284
cado-security / varc
Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.
aws aws-fargate aws-lambda cloud-security dfir dfir-automation forensics memory-forensics aws-forensics docker-forensics eks-forensics security fargate-forensics hacktoberfest
Language:Python 231
gleeda / memtriage
Allows you to quickly query a Windows machine for RAM artifacts
memory-forensics memory ram malware memory-analysis live-analysis volatility winpmem windows-machine
Language:Python 216
evild3ad / Collect-MemoryDump
Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR
powershell dfir digital-forensics incident-response live-response memory-acquisition memory-forensics
Language:PowerShell 211
asiamina / A-Course-on-Digital-Forensics
A course on "Digital Forensics" designed and offered in the Computer Science Department at Texas Tech University
courses digital-forensics disk-forensics memory-forensics mobile-forensics network-forensics reverse-engineering
Language:Rich Text Format 161
msuiche / LiveCloudKd
Hyper-V Research is trendy now
memory-forensics virtual-machines
Language:C 145
cado-security / rip_raw
Rip Raw is a small tool to analyse the memory of compromised Linux systems.
dfir dfir-automation forensic-analysis forensics memory-forensics security
Language:Python 133
Apr4h / GetInjectedThreads
C# Implementation of Jared Atkinson's Get-InjectedThread.ps1
incident-response memory-forensics blueteam process-injection
Language:C# 50
ytisf / muninn
A short and small memory forensics helper.
memory-forensics python volatility
Language:Python 50
Hestat / calamity
A script to assist in processing forensic RAM captures for malware triage
dfir volatility memory-forensics malware-analysis
Language:Shell 28
kh4sh3i / Malware-Analysis
A curated list of awesome malware analysis tools and resources
malware malware-analysis malware-detection memory-forensics forensic ida-pro volatility mobsf x64dbg windbg reverse-engineering
24
smartvmi
GDATASoftwareAG / smartvmi
Virtual Machine Introspection (VMI) for memory forensics and machine-learning.
malware-analysis malware-research memory-forensics virtual-machine-introspection vmi
Language:C++ 23
iAbadia / Volatility-Plugin-Tutorial
Development guide for Volatility Plugins
volatility plugin tutorial guide python memory-forensics
23
pagabuc / kallsyms-extractor
Tool to extract the kallsyms (System.map) from a memory dump
kallsyms linux-kernel memory-forensics python unicorn-emulator
Language:Python 20
TazWake / volatility-plugins
Learning volatility plugins.
volatility-plugins python memory-forensics
Language:Python 18
amir9339 / volatility-docker
A suite of Volatility 3 plugins for memory forensics of Docker containers
docker volatility-plugins volatility3 dfir memory-forensics containers
Language:Python 16
h4sh5 / DumpIt-mirror
memory dump tool mirror for version 3.0.20171228.1
dumpit memory-forensics memory-dump memory-dumper minidump
10
reverseame / modex
Volatility 3 plugins to extract a module as complete as possible
memory-forensics volatility-plugins volatility3
Language:Python 10
reverseame / windows-memory-extractor
Tool to extract contents from the memory of Windows systems.
windows memory-forensics
Language:C++ 10
wongkenny240 / ComputerForensics
My digital forensics notebook
memory-forensics digital-forensics digital-forensics-incident-response incident-response dfir
8
forensenellanebbia / volatility-profiles
My Linux profiles built for Volatility 2/3
volatility volatility-profiles memory-forensics rhel volatility-framework ram memory fedora volatility3 forensics
6
ncsc-fi / minion-rules
Minion rules for DFIR work.
dfir dfir-automation open-source forensics memory-forensics
6
aleprada / memory-forensics-challenges
This repository contains memory forensics challenges that I've been solving using Volatility.
memory-forensics volatility dfir malware-analysis ctf-challenges
5
AndrewRathbun / RAMDumpExplorer
An updated fork of @bacanoicua's RAMDumpExplorer project. This is a program designed to analyze a dump of the RAM memory to search for potentially malicious files. The program scans the dump file for specific patterns and uses regular expressions to identify and extract the matched values
dfir forensics memory-analysis memory-forensics
Language:C# 5
reverseame / instant-messaging-artifact-finder
Tool to find memory artifacts present in instant messaging applications.
instant-messaging telegram-desktop memory-forensics
Language:Python 5
mylamour / -_--Forensics-Tools
Not Only Forensics Toolkit
forensics tools memory-forensics standalone password-extraction
Language:PowerShell 4
NiklasBeierl / nosyms
Data structure detection with neural networks.
memory-forensics virtual-machine-introspection neural-network pytorch dgl-graph
Language:Python 3
vobst / BPFVol3
Linux BPF plugins for Volatility3
bpf ebpf forensics forensics-tools memory-forensics plugin volatility volatility3
Language:Python 3

memory-forensics

hasherezade / pe-sieve

hasherezade / hollows_hunter

stuxnet999 / MemLabs

microsoft / avml

hasherezade / mal_unpack

swwwolf / wdbgark

teamdfir / sift

evild3ad / MemProcFS-Analyzer

patois / IDACyber

cado-security / varc

gleeda / memtriage

evild3ad / Collect-MemoryDump

asiamina / A-Course-on-Digital-Forensics

msuiche / LiveCloudKd

cado-security / rip_raw

Apr4h / GetInjectedThreads

ytisf / muninn

Hestat / calamity

kh4sh3i / Malware-Analysis

GDATASoftwareAG / smartvmi

iAbadia / Volatility-Plugin-Tutorial

pagabuc / kallsyms-extractor

TazWake / volatility-plugins

amir9339 / volatility-docker

h4sh5 / DumpIt-mirror

reverseame / modex

reverseame / windows-memory-extractor

wongkenny240 / ComputerForensics

forensenellanebbia / volatility-profiles

ncsc-fi / minion-rules

aleprada / memory-forensics-challenges

AndrewRathbun / RAMDumpExplorer

reverseame / instant-messaging-artifact-finder

mylamour / -_--Forensics-Tools

NiklasBeierl / nosyms

vobst / BPFVol3