memory-forensics

15 tools and resources

Rekall

Rekall is a discontinued project that aimed to improve memory analysis methodology but faced challenges due to the nature of in-memory structure and increasing security measures.

A comprehensive incident response tool for Windows computers, providing advanced memory forensics and access to locked systems.

GUI-based memory forensic capture tool for cyber forensics and cyber crime investigation.

SwishDbgExt is a Microsoft WinDbg debugging extension that enhances debugging capabilities for kernel developers, troubleshooters, and security experts.

A comprehensive guide to memory forensics, covering tools, techniques, and procedures for analyzing volatile memory.

A powerful tool for extracting passwords and performing various Windows security operations.

LiME

LiME is a Linux Memory Extractor tool for acquiring volatile memory from Linux and Linux-based devices, including Android, with features like full memory captures and minimal process footprint.

A practical guide to enhancing digital investigations with cutting-edge memory forensics techniques, covering fundamental concepts, tools, and techniques for memory forensics.

A digital artifact extraction framework for extracting data from volatile memory (RAM) samples, providing visibility into the runtime state of a system.

Scans running processes for potentially malicious implants and dumps them.

KeeFarce allows for the extraction of KeePass 2.x password database information from memory using DLL injection and CLRMD.

MemLabs

Educational CTF-style challenges for memory forensics.

MalConfScan is a Volatility plugin for extracting configuration data of known malware and analyzing memory images.

A toolkit for forensic analysis of network appliances with YARA decoding options and frame extraction capabilities.