GitHub topics: memory-forensics
msuiche/LiveCloudKd
Hyper-V Research is trendy now
Language: C - Size: 12.2 MB - Last synced at: 1 day ago - Pushed at: about 1 year ago - Stars: 181 - Forks: 48

LETHAL-FORENSICS/MemProcFS-Analyzer
MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR
Language: PowerShell - Size: 11.3 MB - Last synced at: 6 days ago - Pushed at: 3 months ago - Stars: 629 - Forks: 67

microsoft/avml
AVML - Acquire Volatile Memory for Linux
Language: Rust - Size: 991 KB - Last synced at: 4 days ago - Pushed at: 6 days ago - Stars: 952 - Forks: 81

hasherezade/pe-sieve
Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
Language: C++ - Size: 131 MB - Last synced at: 19 days ago - Pushed at: about 2 months ago - Stars: 3,313 - Forks: 450

hasherezade/hollows_hunter
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
Language: C - Size: 14.6 MB - Last synced at: 19 days ago - Pushed at: 2 months ago - Stars: 2,155 - Forks: 272

teamdfir/sift
SIFT
Size: 29.3 KB - Last synced at: 15 days ago - Pushed at: over 1 year ago - Stars: 507 - Forks: 65

LETHAL-FORENSICS/Collect-MemoryDump
Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR
Language: PowerShell - Size: 6.81 MB - Last synced at: 6 days ago - Pushed at: 2 months ago - Stars: 240 - Forks: 29

hasherezade/mal_unpack
Dynamic unpacker based on PE-sieve
Language: C - Size: 980 KB - Last synced at: 18 days ago - Pushed at: 3 months ago - Stars: 732 - Forks: 72

bac123456789000/lsass-memory-scraping
The case illustrates the power of structured host-based triage — beginning with logs and EDR, and moving through file inspection, RAM capture, and finally, network artifact confirmation.
Language: Jupyter Notebook - Size: 31.3 KB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 0 - Forks: 0

Compcode1/lsass-memory-scraping
The case illustrates the power of structured host-based triage — beginning with logs and EDR, and moving through file inspection, RAM capture, and finally, network artifact confirmation.
Language: Jupyter Notebook - Size: 40 KB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 0 - Forks: 0

forensenellanebbia/volatility-profiles
My Linux profiles built for Volatility 2/3
Size: 23.4 MB - Last synced at: 1 day ago - Pushed at: 8 months ago - Stars: 11 - Forks: 2

h4sh5/DumpIt-mirror
memory dump tool mirror for version 3.0.20171228.1
Size: 267 KB - Last synced at: 3 days ago - Pushed at: over 3 years ago - Stars: 14 - Forks: 1

stuxnet999/MemLabs
Educational, CTF-styled labs for individuals interested in Memory Forensics
Language: Shell - Size: 549 KB - Last synced at: about 2 months ago - Pushed at: over 4 years ago - Stars: 1,715 - Forks: 212

cado-security/varc 📦
Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.
Language: Python - Size: 1.21 MB - Last synced at: about 1 month ago - Pushed at: 7 months ago - Stars: 253 - Forks: 13

patois/IDACyber
Data Visualization Plugin for IDA Pro
Language: Python - Size: 28.6 MB - Last synced at: 3 months ago - Pushed at: over 2 years ago - Stars: 291 - Forks: 32

gleeda/memtriage
Allows you to quickly query a Windows machine for RAM artifacts
Language: Python - Size: 16.4 MB - Last synced at: 2 months ago - Pushed at: almost 5 years ago - Stars: 220 - Forks: 22

asiamina/A-Course-on-Digital-Forensics
A course on "Digital Forensics" designed and offered in the Computer Science Department at Texas Tech University
Language: Rich Text Format - Size: 2.25 GB - Last synced at: 3 months ago - Pushed at: over 1 year ago - Stars: 178 - Forks: 45

jan-hendrik-lang/MemoryInvestigator
Enhancing RAM Investigation with LLM and RAG
Language: Python - Size: 2.17 MB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 1 - Forks: 0

beyefendi/awesome-memory-forensics
Memory forensics literature
Size: 8.79 KB - Last synced at: 28 days ago - Pushed at: about 1 year ago - Stars: 2 - Forks: 0

serialphotog/Linux-Memory-Analysis-Tools
Various POC tools for dumping and scanning the memory on a Linux system.
Language: C - Size: 22.5 KB - Last synced at: 2 months ago - Pushed at: 4 months ago - Stars: 0 - Forks: 0

fkie-cad/bpf-rootkit-workshop
Workshop: Forensic Analysis of eBPF based Linux Rootkits
Language: C - Size: 4.02 MB - Last synced at: 2 months ago - Pushed at: about 1 year ago - Stars: 7 - Forks: 2

sk4la/volatility3-docker
Volatility, on Docker 🐳
Language: Dockerfile - Size: 110 KB - Last synced at: about 2 months ago - Pushed at: about 2 months ago - Stars: 33 - Forks: 4

GDATASoftwareAG/smartvmi
Virtual Machine Introspection (VMI) for memory forensics and machine-learning.
Language: C++ - Size: 1.03 MB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 26 - Forks: 6

BraydenProckish/buffn3rd-Writeups
These are my writeups for cybersecurity platforms that will go in-depth on how I solved a challenge.
Size: 161 KB - Last synced at: 5 months ago - Pushed at: 5 months ago - Stars: 0 - Forks: 0

amir9339/volatility-docker
A suite of Volatility 3 plugins for memory forensics of Docker containers
Language: Python - Size: 13.9 MB - Last synced at: 2 months ago - Pushed at: over 1 year ago - Stars: 18 - Forks: 3

cado-security/rip_raw 📦
Rip Raw is a small tool to analyse the memory of compromised Linux systems.
Language: Python - Size: 914 KB - Last synced at: 7 months ago - Pushed at: over 3 years ago - Stars: 131 - Forks: 16

vobst/BPFVol3
Linux BPF plugins for Volatility3
Language: Python - Size: 17.3 MB - Last synced at: 2 months ago - Pushed at: over 1 year ago - Stars: 10 - Forks: 1

Divinemonk/memory_forensics_with_volatility
Memory Forensics with Volatility
Size: 16.6 KB - Last synced at: 3 days ago - Pushed at: over 1 year ago - Stars: 1 - Forks: 0

ytisf/muninn
A short and small memory forensics helper.
Language: Python - Size: 532 KB - Last synced at: about 1 month ago - Pushed at: over 7 years ago - Stars: 52 - Forks: 9

Hestat/calamity
A script to assist in processing forensic RAM captures for malware triage
Language: Shell - Size: 33.2 KB - Last synced at: about 2 months ago - Pushed at: over 4 years ago - Stars: 27 - Forks: 7

TazWake/volatility-plugins
Learning volatility plugins.
Language: Python - Size: 93.8 KB - Last synced at: about 2 months ago - Pushed at: over 4 years ago - Stars: 19 - Forks: 4

mylamour/-_--Forensics-Tools
Not Only Forensics Toolkit
Language: PowerShell - Size: 85.1 MB - Last synced at: about 2 months ago - Pushed at: about 7 years ago - Stars: 5 - Forks: 2

swwwolf/wdbgark
WinDBG Anti-RootKit Extension
Language: C++ - Size: 2.94 MB - Last synced at: 10 months ago - Pushed at: almost 5 years ago - Stars: 611 - Forks: 178

ditekshen/back-in-2017
The Kill Chain Evolution of a Middle Eastern Threat Actor Intelligence from Seventeen Months of Deception and Analysis of Politically Targeted Malware Attacks
Size: 14.9 MB - Last synced at: 3 months ago - Pushed at: about 1 year ago - Stars: 0 - Forks: 0

digitalisx/januss
Janus: malware analysis by memory comparison
Language: Python - Size: 43 KB - Last synced at: about 1 year ago - Pushed at: over 2 years ago - Stars: 1 - Forks: 0

alicangnll/pymem
PyMem - Memory Acquisition Tool
Language: Python - Size: 408 KB - Last synced at: 10 months ago - Pushed at: over 1 year ago - Stars: 0 - Forks: 0

aleprada/memory-forensics-challenges
This repository contains memory forensics challenges that I've been solving using Volatility.
Size: 5.05 MB - Last synced at: over 1 year ago - Pushed at: over 3 years ago - Stars: 4 - Forks: 0

AndrewRathbun/RAMDumpExplorer Fork of bacanoicua/RAMDumpExplorer
An updated fork of @bacanoicua's RAMDumpExplorer project. This is a program designed to analyze a dump of the RAM memory to search for potentially malicious files. The program scans the dump file for specific patterns and uses regular expressions to identify and extract the matched values
Language: C# - Size: 23.4 KB - Last synced at: about 1 year ago - Pushed at: almost 2 years ago - Stars: 5 - Forks: 0

dmbb/CSF Fork of tiagolb/CSF
Repository for RAMAS
Language: Python - Size: 256 KB - Last synced at: over 1 year ago - Pushed at: almost 8 years ago - Stars: 0 - Forks: 0

iAbadia/Volatility-Plugin-Tutorial
Development guide for Volatility Plugins
Size: 6.84 KB - Last synced at: about 2 months ago - Pushed at: almost 8 years ago - Stars: 23 - Forks: 1

digitalisx/vac2018-vol3
Repository for VAC 2018 Practice on Volatility3 Framework
Size: 1.98 MB - Last synced at: about 1 year ago - Pushed at: almost 2 years ago - Stars: 1 - Forks: 0

pagabuc/kallsyms-extractor
Tool to extract the kallsyms (System.map) from a memory dump
Language: Python - Size: 19.5 KB - Last synced at: almost 2 years ago - Pushed at: almost 2 years ago - Stars: 20 - Forks: 2

wongkenny240/ComputerForensics
My digital forensics notebook
Size: 18.9 MB - Last synced at: almost 2 years ago - Pushed at: over 3 years ago - Stars: 8 - Forks: 0

pagabuc/atomicity_tops
Introducing the Temporal Dimension to Memory Forensics - ACM Transactions on Privacy and Security 2019
Language: Python - Size: 2.42 MB - Last synced at: about 1 year ago - Pushed at: almost 6 years ago - Stars: 3 - Forks: 0

reverseame/windows-memory-extractor
Tool to extract contents from the memory of Windows systems.
Language: C++ - Size: 65.4 KB - Last synced at: almost 2 years ago - Pushed at: almost 2 years ago - Stars: 5 - Forks: 0

reverseame/similarity-unrelocated-module
Volatility plugin to yield and compare similarity digest of modules on execution.
Language: Python - Size: 103 KB - Last synced at: almost 2 years ago - Pushed at: almost 2 years ago - Stars: 2 - Forks: 0

reverseame/modex
Volatility 3 plugins to extract a module as complete as possible
Language: Python - Size: 127 KB - Last synced at: almost 2 years ago - Pushed at: almost 2 years ago - Stars: 1 - Forks: 1

reverseame/instant-messaging-artifact-finder
Tool to find memory artifacts present in instant messaging applications.
Language: Python - Size: 70.3 KB - Last synced at: about 2 years ago - Pushed at: over 3 years ago - Stars: 3 - Forks: 1

kh4sh3i/Malware-Analysis
A curated list of awesome malware analysis tools and resources
Size: 67.4 KB - Last synced at: over 2 years ago - Pushed at: over 3 years ago - Stars: 12 - Forks: 3

KOLANICH-libs/lime.py
A library to read and write LiME files/blobs in python
Language: Python - Size: 11.7 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 0 - Forks: 0

joshfinley/memscan
Toy go memory mapping tool
Language: Go - Size: 7.81 KB - Last synced at: 12 months ago - Pushed at: over 2 years ago - Stars: 1 - Forks: 0

joezbub/Memory-Forensics-Plugins
Volatility plugins to recover ML model attributes from memory images
Language: Python - Size: 10.1 MB - Last synced at: over 2 years ago - Pushed at: almost 4 years ago - Stars: 2 - Forks: 2

Apr4h/GetInjectedThreads
C# Implementation of Jared Atkinson's Get-InjectedThread.ps1
Language: C# - Size: 111 KB - Last synced at: over 2 years ago - Pushed at: almost 4 years ago - Stars: 47 - Forks: 12

NiklasBeierl/nosyms
Data structure detection with neural networks.
Language: Python - Size: 569 KB - Last synced at: about 2 years ago - Pushed at: over 3 years ago - Stars: 3 - Forks: 1

laf3r/AntiCTF2022
Official walkthroughs of my forensics tasks from AntiCTF 2022
Size: 3.73 MB - Last synced at: over 2 years ago - Pushed at: almost 3 years ago - Stars: 0 - Forks: 0

AvivShabtay/BlackEnergyDriver
Reverse engineering the Black Energy Driver
Size: 570 KB - Last synced at: about 2 years ago - Pushed at: over 4 years ago - Stars: 1 - Forks: 0

bolisettynihith/Memlabs-Writeups
Writeups for Memlabs
Size: 3.91 KB - Last synced at: over 2 years ago - Pushed at: over 3 years ago - Stars: 1 - Forks: 0

reverseame/residentmem
Volatility plugin to obtain the number of the resident memory pages per module (exe or dll) and per driver from a Windows memory dump.
Language: Python - Size: 33.2 KB - Last synced at: over 2 years ago - Pushed at: about 4 years ago - Stars: 1 - Forks: 0

samduy/volatility-uclinux
Volatility profile for uclinux
Language: Python - Size: 75.4 MB - Last synced at: about 1 year ago - Pushed at: almost 5 years ago - Stars: 2 - Forks: 0

vmayoral/ros_volatility
Language: Python - Size: 4.88 KB - Last synced at: about 2 years ago - Pushed at: over 6 years ago - Stars: 3 - Forks: 2

ncsc-fi/minion-rules
Minion rules for DFIR work.
Size: 10.7 KB - Last synced at: about 2 years ago - Pushed at: almost 5 years ago - Stars: 6 - Forks: 1

reverseame/dumd-mixer
Dump Module Mixer (dumd-mixer) is a Python script to generate a module from the same module extracted from a collection of memory dumps.
Language: Python - Size: 59.6 KB - Last synced at: over 2 years ago - Pushed at: over 4 years ago - Stars: 0 - Forks: 0
