MalConfScan

Free

MalConfScan is a Volatility plugin that searches a memory image for known malware, extracts the malware's configuration data, and decodes it before dumping it (malware normally keeps its configuration in an encoded form, so the plugin applies the family-specific decoding rather than dumping raw bytes). Supported malware families include Ursnif, Emotet, Smoke Loader, PoisonIvy, CobaltStrike, and many others; for some families it can also dump decoded strings or DGA domains. The plugin has two commands: malconfscan, which does the detection and configuration dump, and malstrscan, which lists the strings that the malicious code refers to, which is still useful when a sample belongs to a family whose configuration format is not yet supported.
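As an added usage example (not from this page and not the MalConfScan project's own code), the POSIX sh wrapper below runs the two Volatility 2 commands described above. It assumes the plugin files are installed in Volatility's plugin directory and that `vol.py` is on PATH; the image path, profile and PID it is called with are placeholders. The `-p PID` filter is Volatility 2's standard per-process option, not something specific to MalConfScan.

```shell
#!/bin/sh
# Added example (not from the page or the MalConfScan project): a small POSIX sh
# wrapper around the two MalConfScan commands for Volatility 2, `malconfscan`
# (find known malware, dump decoded configuration) and `malstrscan` (list strings
# the malicious code refers to). Assumes the plugin is installed in Volatility's
# plugin directory and `vol.py` is on PATH. Image path, profile and PID are
# placeholders supplied by the caller.

# run_malconfscan SUBCOMMAND IMAGE PROFILE [PID]
#   SUBCOMMAND is malconfscan or malstrscan.
#   Set DRY_RUN=1 to print the command line instead of executing it.
run_malconfscan() {
    sub="$1"; image="$2"; profile="$3"; pid="$4"

    case "$sub" in
        malconfscan|malstrscan) ;;
        *) printf 'unknown subcommand: %s\n' "$sub" >&2; return 1 ;;
    esac

    # Refuse to run against a missing image: Volatility's own error for this is
    # easy to miss in a long scan log, and an image that is still being copied
    # gives partial results with no warning.
    if [ ! -r "$image" ] && [ "${DRY_RUN:-0}" != 1 ]; then
        printf 'memory image not readable: %s\n' "$image" >&2
        return 2
    fi

    # Build the argument list positionally so paths with spaces survive intact.
    set -- "$sub" -f "$image" --profile="$profile"
    # -p is Volatility 2's standard per-process filter; omit it to scan all processes.
    if [ -n "$pid" ]; then
        set -- "$@" -p "$pid"
    fi

    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "vol.py $*"
        return 0
    fi
    vol.py "$@"
}

# Typical session: scan every process for known families first, then pull the
# referenced strings from the one process that matched (PID 1234 is a placeholder).
# run_malconfscan malconfscan memory.mem Win7SP1x64
# run_malconfscan malstrscan  memory.mem Win7SP1x64 1234
```

The profile must match the acquired system exactly (wrong profiles make every Volatility 2 scan silently return nothing), so run `vol.py imageinfo` on a new image before calling this wrapper.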

ALTERNATIVES

ID-spoofing NFS client

A Python module for orchestrating content acquisitions and analysis via Amazon SSM.

A forensic research tool for gathering forensic traces on Android and iOS devices, supporting the use of public indicators of compromise.

Autopsy is a GUI-based digital forensics platform for analyzing hard drives and smart phones, with a plug-in architecture for custom modules.

OSXCollector is a forensic evidence collection & analysis toolkit for OSX.

A library to access and parse Windows Shortcut File (LNK) format.

DFIR ORC Documentation provides detailed instructions for setting up the build environment and deploying the tool.

Remote Acquisition Tool