There are 11 repositories under the memory-forensics topic.
Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
Educational, CTF-styled labs for individuals interested in Memory Forensics
Dynamic unpacker based on PE-sieve
MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR
Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.
Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR
A course on "Digital Forensics" designed and offered in the Computer Science Department at Texas Tech University
Rip Raw is a small tool to analyse the memory of compromised Linux systems.
C# Implementation of Jared Atkinson's Get-InjectedThread.ps1
A curated list of awesome malware analysis tools and resources
Virtual Machine Introspection (VMI) for memory forensics and machine-learning.
Development guide for Volatility Plugins
Tool to extract the kallsyms (System.map) from a memory dump
A suite of Volatility 3 plugins for memory forensics of Docker containers
memory dump tool mirror for version 3.0.20171228.1
Volatility 3 plugins to extract a module as complete as possible
Tool to extract contents from the memory of Windows systems.
My digital forensics notebook
My Linux profiles built for Volatility 2/3
Minion rules for DFIR work.
This repository contains memory forensics challenges that I've been solving using Volatility.
An updated fork of @bacanoicua's RAMDumpExplorer project. This is a program designed to analyze a dump of RAM to search for potentially malicious files. The program scans the dump file for specific patterns and uses regular expressions to identify and extract the matched values.
Tool to find memory artifacts present in instant messaging applications.
Not Only Forensics Toolkit
Data structure detection with neural networks.