AVML - Acquire Volatile Memory for Linux
Updated May 27, 2024 - Rust
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
Virtual Machine Introspection (VMI) for memory forensics and machine-learning.
Workshop: Forensic Analysis of eBPF based Linux Rootkits
Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR
MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR
Dynamic unpacker based on PE-sieve
SIFT
Linux BPF plugins for Volatility3
A suite of Volatility 3 plugins for memory forensics of Docker containers
PyMem - Memory Acquisition Tool
A library to read and write LiME files/blobs in python
A course on "Digital Forensics" designed and offered in the Computer Science Department at Texas Tech University
Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.
Repository for VAC 2018 Practice on Volatility3 Framework
Tool to extract the kallsyms (System.map) from a memory dump