Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
Educational, CTF-styled labs for individuals interested in Memory Forensics
Dynamic unpacker based on PE-sieve
MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR
Data Visualization Plugin for IDA Pro
Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.
Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR
Allows you to quickly query a Windows machine for RAM artifacts
A course on "Digital Forensics" designed and offered in the Computer Science Department at Texas Tech University
Hyper-V Research is trendy now
Rip Raw is a small tool to analyse the memory of compromised Linux systems.
A curated list of awesome malware analysis tools and resources
C# Implementation of Jared Atkinson's Get-InjectedThread.ps1
Volatility, on Docker 🐳
A script to assist in processing forensic RAM captures for malware triage