MemProcFS
MemProcFS is an easy and convenient way of viewing physical memory as files in a virtual file system. Easy trivial point and click memory analysis without the need for complicated commandline arguments! Access memory content and artifacts via files in a mounted virtual file system or via a feature rich application library to include in your own projects! Analyze memory dump files, live memory via DumpIt or WinPMEM, live memory in read-write mode from virtual machines or from PCILeech FPGA hardware devices! It's even possible to connect to a remote LeechAgent memory acquisition agent over a secured connection - allowing for remote live memory incident response - even over higher latency low band-width connections! Peek into Virtual Machines with MemProcFS, LiveCloudKd or VMware! Use your favorite tools to analyze memory - use your favorite hex editors, your python and powershell scripts, WinDbg or your favorite disassemblers and debuggers - all will work trivally with MemProcFS by just reading and writing files! Get Started! Check out the excellent quick walkthrough from 13Cubed to get going! Also check out my older conference talks from Disobey and BlueHat. For additional information, visit the official website.
FEATURES
ALTERNATIVES
A portable volatile memory acquisition tool for Linux.
Python script to parse macOS MRU plist files into human-friendly format
A PowerShell-based incident response and live forensic data acquisition tool for Windows hosts.
A repository containing material from a talk on sub-domain enumeration techniques
A command-line utility and Python package for mounting and unmounting various disk image formats with support for different volume systems and filesystems.
A tool for fixing acquired .evt Windows Event Log files in digital forensics.
A comprehensive incident response tool for Windows computers, providing advanced memory forensics and access to locked systems.
A user-friendly and fast Forensic Analysis tool with features like tagging files and generating preview reports.
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
CTIChef.com Detection Feeds
A tiered cyber threat intelligence service providing detection rules from public repositories with varying levels of analysis, processing, and guidance for security teams.
OSINTLeak
OSINTLeak is a tool for discovering and analyzing leaked sensitive information across various online sources to identify potential security risks.
ImmuniWeb® Discovery
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.