# Perform Memory Forensics

## Volatility Framework

Memory forensics tool and framework.

**Website**: <https://github.com/volatilityfoundation/volatility3>\
**Author**: The Volatility Foundation\
**License**: Volatility Software License: <https://github.com/volatilityfoundation/volatility3/blob/master/LICENSE.txt>\
**Notes**: Invoke using: vol3, volshell3. Before using, download symbols by following the links from <https://github.com/volatilityfoundation/volatility3#symbol-tables> and place them in `/opt/volatility3/lib/python3.*/site-packages/volatility3/symbols`\
**State File**: [remnux.python3-packages.volatility3](https://github.com/REMnux/salt-states/blob/master/remnux/python3-packages/volatility3.sls)

## AESKeyFinder

Find 128-bit and 256-bit AES keys in a memory image.

**Website**: <https://citp.princeton.edu/our-work/memory/>\
**Author**: Nadia Heninger, Alex Halderman\
**License**: Free, unknown license\
**Notes**: aeskeyfind\
**State File**: [remnux.packages.aeskeyfind](https://github.com/REMnux/salt-states/blob/master/remnux/packages/aeskeyfind.sls)

## RSAKeyFinder

Find BER-encoded RSA private keys in a memory image.

**Website**: <https://citp.princeton.edu/our-work/memory/>\
**Author**: Nadia Heninger, Alex Halderman\
**License**: Free, unknown license\
**Notes**: rsakeyfind\
**State File**: [remnux.packages.rsakeyfind](https://github.com/REMnux/salt-states/blob/master/remnux/packages/rsakeyfind.sls)

## bulk\_extractor

Extract interesting strings from binary files.

**Website**: <https://github.com/simsong/bulk_extractor/>\
**Author**: <https://github.com/simsong/bulk_extractor/blob/master/AUTHORS>\
**License**: Portions Public Domain, portions MIT License: <https://github.com/simsong/bulk_extractor/blob/master/LICENSE.md>\
**State File**: [remnux.packages.bulk-extractor](https://github.com/REMnux/salt-states/blob/master/remnux/packages/bulk-extractor.sls)