Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).

Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).

Educational, CTF-styled labs for individuals interested in Memory Forensics

AVML - Acquire Volatile Memory for Linux

Dynamic unpacker based on PE-sieve

MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR

WinDBG Anti-RootKit Extension

SIFT

Data Visualization Plugin for IDA Pro

Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.

Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR

Allows you to quickly query a Windows machine for RAM artifacts

Hyper-V Research is trendy now

A course on "Digital Forensics" designed and offered in the Computer Science Department at Texas Tech University

A curated list of awesome malware analysis tools and resources

Rip Raw is a small tool to analyse the memory of compromised Linux systems.

C# Implementation of Jared Atkinson's Get-InjectedThread.ps1

A short and small memory forensics helper.

Volatility, on Docker 🐳

A Frida-based utility for dynamically extracting native (.so) libraries from Android applications.

Generate Volatility3 profiles from BTF.

Tool to extract the kallsyms (System.map) from a memory dump

Virtual Machine Introspection (VMI) for memory forensics and machine-learning.

A script to assist in processing forensic RAM captures for malware triage

Linux BPF plugins for Volatility3

Development guide for Volatility Plugins

This repository is tailored for participants of the Polish training course "Live Cold Boot Attack: How to Decrypt a Laptop by Freezing Memory?". It offers demos and tools to explore memory freezing attacks and data recovery techniques in real-world scenarios.

A portfolio demonstrating advanced blue and red team skills, including: SSH MFA implementation, Volatility-based memory forensics to detect code injection, Splunk threat hunting (BOTS v3), Wireshark C2 analysis, and kernel exploitation walkthroughs (LinPEAS, VulnHub).

Learning volatility plugins.

A suite of Volatility 3 plugins for memory forensics of Docker containers