Browse 21 memory forensics tools
Professional digital forensics & incident response service with US fed-cleared staff.
Team-based cyber range platform for IR simulation, training & benchmarking.
DFIR service for breach investigation, containment, and remediation
5-day hands-on training course for malware analysis techniques
Automates memory and MFT dumps at scale for forensic analysis on Windows hosts
NIST-aligned DFIR platform for incident containment, investigation, and recovery
Rekall is a discontinued project that aimed to improve memory analysis methodology but faced challenges due to the nature of in-memory structure and increasing security measures.
A comprehensive incident response tool for Windows computers, providing advanced memory forensics and access to locked systems.
GUI-based memory forensic capture tool for cyber forensics and cyber crime investigation.
SwishDbgExt is a Microsoft WinDbg debugging extension that enhances debugging capabilities for kernel developers, troubleshooters, and security experts.
A comprehensive guide to memory forensics, covering tools, techniques, and procedures for analyzing volatile memory.
A powerful tool for extracting passwords and performing various Windows security operations.
LiME is a Linux Memory Extractor tool for acquiring volatile memory from Linux and Linux-based devices, including Android, with features like full memory captures and minimal process footprint.
Web interface for the Volatility Memory Forensics Framework
A practical guide to enhancing digital investigations with cutting-edge memory forensics techniques, covering fundamental concepts, tools, and techniques for memory forensics.
A digital artifact extraction framework for extracting data from volatile memory (RAM) samples, providing visibility into the runtime state of a system.
VolatilityBot automates memory dump analysis by extracting executables, detecting code injections, and performing automated malware scanning using YARA and ClamAV.
A process scanning tool that detects and dumps malicious implants, shellcodes, hooks, and memory patches in running processes.
MemLabs provides CTF-styled memory forensics challenges designed to teach students and security researchers how to analyze memory dumps using tools like Volatility.
MalConfScan is a Volatility plugin for extracting configuration data of known malware and analyzing memory images.
A toolkit for forensic analysis of network appliances with YARA decoding options and frame extraction capabilities.