
MalConfScan

Free

MalConfScan is a Volatility plugin from JPCERT/CC that searches a memory image for known malware families and extracts their configuration data, decoding it where the malware stores it encoded. Supported families include Ursnif, Emotet, Smoke Loader, PoisonIvy, CobaltStrike, and many others. It can also dump decoded strings or DGA domains, and a companion function lists the strings that the malicious code refers to.
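To make the "scan, then extract and decode" pattern concrete, here is a small added example in the same spirit: locate a family by a byte signature in a raw memory image, read the header that follows it, XOR-decode the payload, and parse it into fields. It is constructed for this page and is not MalConfScan's own code; the family name "ExampleLoader", its "CFG1" marker and the header layout are assumptions, not any real malware's format. The sample memory image is built inline and includes a decoy match so the truncation check is exercised.

```python
import re
import struct

# Assumed layout for a hypothetical family "ExampleLoader" (not a real format):
#   b"CFG1" | u16 xor_key (LE) | u16 payload_len (LE) | payload XORed with key bytes
# The decoded payload is "key=value" pairs separated by ';', e.g. "c2=host:port;sleep=60".
SIGNATURES = {"ExampleLoader": re.compile(rb"CFG1")}
HEADER = struct.Struct("<HH")


def xor_with_key(data: bytes, key: int) -> bytes:
    """Two-byte repeating XOR; the same call encodes and decodes."""
    keystream = key.to_bytes(2, "little")
    return bytes(b ^ keystream[i % 2] for i, b in enumerate(data))


def parse_config(payload: bytes) -> dict:
    """Split the decoded payload into fields; repeated keys (several C2s) become lists."""
    fields = {}
    for item in payload.split(b";"):
        if b"=" in item:
            k, v = item.split(b"=", 1)
            fields.setdefault(k.decode("ascii", "replace"), []).append(
                v.decode("ascii", "replace"))
    return fields


def scan_image(image: bytes) -> list:
    """Find every signature hit and return the configs that decode plausibly."""
    hits = []
    for family, sig in SIGNATURES.items():
        for m in sig.finditer(image):
            off = m.end()
            if off + HEADER.size > len(image):
                continue  # marker sits at the very end of the image
            key, length = HEADER.unpack_from(image, off)
            blob = image[off + HEADER.size: off + HEADER.size + length]
            if len(blob) != length:
                continue  # header claims more bytes than remain: not a real config
            cfg = parse_config(xor_with_key(blob, key))
            if "c2" not in cfg:
                continue  # signature matched but nothing that looks like a config
            hits.append({"family": family, "offset": m.start(), "config": cfg})
    return hits


def build_sample_image() -> bytes:
    """Constructed memory image: padding, a decoy marker, padding, one real config, padding."""
    plaintext = b"c2=10.0.0.5:443;c2=example.invalid:8080;sleep=60"
    key = 0x5A3C
    encoded = xor_with_key(plaintext, key)
    padding = bytes(range(256)) * 4            # 1024 bytes, contains no "CFG1"
    decoy = b"CFG1" + b"\xff\xff\xff\xff"      # key/length 0xFFFF: length overruns image
    real = b"CFG1" + HEADER.pack(key, len(encoded)) + encoded
    return padding + decoy + padding + real + padding


if __name__ == "__main__":
    for hit in scan_image(build_sample_image()):
        print(hit)
```

The plausibility check after decoding matters in practice: a short signature will match unrelated bytes in a large image, so a real plugin validates the decoded structure before reporting it rather than trusting the marker alone.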

ALTERNATIVES

A Mac OS X forensic utility for ensuring correct forensic procedures during disk imaging.

A network forensics toolkit that transforms network traffic data into graph-based representations for interactive analysis and visualization through a web interface.

A library and set of tools for accessing and analyzing storage media devices and partitions for forensic analysis and investigation.

Exiv2 is a C++ library and command-line utility for image metadata manipulation.

Orochi is a collaborative forensic memory dump analysis framework.

Exterro is a data risk management platform that optimizes e-discovery, digital forensics, and cybersecurity compliance operations.

A shell script for basic forensic collection of various artefacts from UNIX systems.

GVfs is a userspace virtual filesystem implementation for GIO with various backends and features.