MemProcFS
MemProcFS is an easy and convenient way of viewing physical memory as files in a virtual file system. Easy trivial point and click memory analysis without the need for complicated commandline arguments! Access memory content and artifacts via files in a mounted virtual file system or via a feature rich application library to include in your own projects! Analyze memory dump files, live memory via DumpIt or WinPMEM, live memory in read-write mode from virtual machines or from PCILeech FPGA hardware devices! It's even possible to connect to a remote LeechAgent memory acquisition agent over a secured connection - allowing for remote live memory incident response - even over higher latency low band-width connections! Peek into Virtual Machines with MemProcFS, LiveCloudKd or VMware! Use your favorite tools to analyze memory - use your favorite hex editors, your python and powershell scripts, WinDbg or your favorite disassemblers and debuggers - all will work trivally with MemProcFS by just reading and writing files! Get Started! Check out the excellent quick walkthrough from 13Cubed to get going! Also check out my older conference talks from Disobey and BlueHat. For additional information, visit the official website.
FEATURES
ALTERNATIVES
Dump the contents of the location database files on iOS and macOS with output options like KML and CSV.
Toolkit for post-mortem analysis of Docker runtime environments using forensic HDD copies.
A collection of tools for extracting and analyzing information from .git repositories
Generate comprehensive reports about Windows systems with detailed system, security, networking, and USB information.
A framework for orchestrating forensic collection, processing, and data export.
Free software for extracting Microsoft cabinet files, supporting all features and formats of Microsoft cabinet files and Windows CE installation files.
A recognition framework for identifying products, services, operating systems, and hardware by matching fingerprints against network probes.
Analyzing WiFiConfigStore.xml file for digital forensics on Android devices.
PINNED
Fabric Platform by BlackStork
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Mandos Brief Newsletter
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.