Repository navigation

#

memory-forensics

hasherezade / pe-sieve 

Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).

pe-formathookingpe-dumperpe-analyzerlibpeconvprocess-analyzerscansanti-malwarepe-sievemalware-analysismemory-forensics
C++
3277
1 天前
hasherezade / hollows_hunter 

Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).

pe-sieveanti-malwaremalware-analysismalware-detectionmemory-forensics
C
2148
21 天前
stuxnet999/MemLabs
stuxnet999 / MemLabs 

Educational, CTF-styled labs for individuals interested in Memory Forensics

forensicsdfirmemory-forensicsWindowsctfctf-challengesdigital-forensics安全Cybersecurity
Shell
1719
4 年前
microsoft / avml 

AVML - Acquire Volatile Memory for Linux

Rustmemory-forensicslinux-security
Rust
937
2 天前
hasherezade / mal_unpack 

Dynamic unpacker based on PE-sieve

libpeconvpe-sievememory-forensicsmalware-unpackermalware-analysis
C
724
1 个月前
swwwolf / wdbgark 

WinDBG Anti-RootKit Extension

kernel-modeC++Malwaremalware-analysismalware-researchforensic-analysiswindbgwindbg-extensionanti-rootkitWindowsVisual Studiodrivermemory-forensicsanomaly-detectionuser-modedebugging-tool
C++
628
5 年前
LETHAL-FORENSICS / MemProcFS-Analyzer 

MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR

PowerShellincident-responsedfirdigital-forensicsmemory-forensics
PowerShell
619
1 个月前
teamdfir / sift 

SIFT

forensicssansmemory-forensicssaltstack命令行界面Amazon Web Servicescast
503
1 年前
patois / IDACyber 

Data Visualization Plugin for IDA Pro

idacyber数据可视化ida-proidapython-plugin逆向工程memory-hackingPixel Artcolor-filtermemory-forensicsfirmware-analysisexploitation
Python
291
2 年前
cado-security / varc 

Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.

Amazon Web Servicesaws-fargateaws-lambdacloud-securitydfirdfir-automationforensicsmemory-forensicsaws-forensicsdocker-forensics安全Hacktoberfest
Python
253
5 个月前
LETHAL-FORENSICS / Collect-MemoryDump 

Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR

PowerShelldfirdigital-forensicsincident-responsememory-forensics
PowerShell
237
21 天前
gleeda / memtriage 

Allows you to quickly query a Windows machine for RAM artifacts

memory-forensicsmemoryramMalwarememory-analysisvolatility
Python
221
5 年前
asiamina / A-Course-on-Digital-Forensics 

A course on "Digital Forensics" designed and offered in the Computer Science Department at Texas Tech University

courses逆向工程memory-forensicsnetwork-forensicsdigital-forensics
Rich Text Format
182
2 年前
msuiche / LiveCloudKd 

Hyper-V Research is trendy now

memory-forensicsvirtual-machines
C
178
1 年前
cado-security / rip_raw 

Rip Raw is a small tool to analyse the memory of compromised Linux systems.

安全memory-forensicsforensicsdfirforensic-analysisdfir-automation
Python
130
3 年前
kh4sh3i / Malware-Analysis 

A curated list of awesome malware analysis tools and resources

Malwaremalware-analysismalware-detectionmemory-forensicsforensicida-provolatilitymobsfx64dbgwindbg逆向工程
75
3 年前
Apr4h / GetInjectedThreads 

C# Implementation of Jared Atkinson's Get-InjectedThread.ps1

incident-responsememory-forensicsblueteamprocess-injection
C#
53
4 年前
ytisf / muninn 

A short and small memory forensics helper.

Pythonvolatilitymemory-forensics
Python
52
8 年前
sk4la / volatility3-docker 

Volatility, on Docker 🐳

Dockervolatilityvolatility-frameworkdigital-forensicsforensicsmemory-forensics
Dockerfile
34
8 天前
Hestat / calamity 

A script to assist in processing forensic RAM captures for malware triage

dfirvolatilitymemory-forensicsmalware-analysis
Shell
27
4 年前