Browse 39 memory analysis tools
AI-driven binary code analysis platform for malware detection & intelligence.
Runtime memory protection detecting app-layer threats within milliseconds.
Endpoint agent detecting in-memory malicious code execution on Windows.
User-mode Windows agent detecting in-memory & out-of-context code execution.
Runtime CFI protection for embedded systems via patented Control Flow Graph.
Exploit mitigation tool for C/C++ firmware on embedded systems.
Centralized command interface for the SNOW platform for threat hunting & IR.
IP core that detects and prevents Rowhammer attacks on memory systems.
EDR solution with in-memory detection and machine learning capabilities.
mXtract is a Linux-based tool for memory analysis and dumping with regex pattern search capabilities.
A Python module for orchestrating remote forensic data acquisition and analysis from Linux instances using Amazon SSM.
Rekall is a discontinued project that aimed to improve memory analysis methodology but faced challenges due to the nature of in-memory structure and increasing security measures.
A shellcode generator that creates position-independent code for loading and executing .NET Assemblies, PE files, and Windows payloads from memory.
Fridump is an open source memory dumping tool that uses the Frida framework to extract accessible memory addresses from iOS, Android, and Windows applications for security testing and analysis.
Easy-to-use live forensics toolbox for Linux endpoints with various capabilities such as process inspection, memory analysis, and YARA scanning.
Margarita Shotgun is a Python tool that enables remote memory acquisition from target systems through a command-line interface, supporting Linux distributions and other operating systems via Docker containers.
A portable Rust-based tool for acquiring volatile memory from Linux systems without requiring prior knowledge of the target OS distribution or kernel.
Scan files or process memory for Cobalt Strike beacons and parse their configuration.
AMExtractor is an Android memory acquisition tool that dumps physical device memory using /dev/kmem without requiring kernel source code.
An OCaml Ctypes wrapper for the YARA matching engine that enables malware identification capabilities in OCaml applications.
A collection of tools that execute programs directly in memory using various delivery methods including URL downloads and netcat connections.
Malscan is a tool to scan process memory for YARA matches and execute Python scripts.
Developing APIs to access memory on industrial control system devices.
A comprehensive guide to memory forensics, covering tools, techniques, and procedures for analyzing volatile memory.