📄
REMnux Documentation
📄
REMnux Documentation
📄
REMnux Documentation
📄
REMnux Documentation
REMnux: A Linux Toolkit for Malware Analysis
Install the Distro
Get the Virtual Appliance
Install from Scratch
Add to an Existing System
Run REMnux as a Container
Keep the Distro Up to Date
Discover the Tools
Examine Static Properties
Statically Analyze Code
Dynamically Reverse-Engineer Code
Perform Memory Forensics
Explore Network Interactions
Investigate System Interactions
Analyze Documents
Gather and Analyze Data
View or Edit Files
General Utilities
Run Tools in Containers
Docker Images of Malware Analysis Tools
Behind the Scenes
People
Technologies
License
Tips and More
REMnux Configuration Tips
REMnux Tool Tips
Malware Analysis Training
REMnux Website
Get Involved
Ask and Answer Questions
Write About the Tools
Add or Update Tools
Implement Enhancements
Powered by GitBook

Perform Memory Forensics

Discover the Tools

Volatility 3

Memory forensics tool and framework

Website: https://github.com/volatilityfoundation/volatility3 Author: The Volatility Foundation License: Volatility Software License: https://github.com/volatilityfoundation/volatility3/blob/master/LICENSE.txt Notes: Invoke using: vol3, volshell3. Before using, download symbols by following the links from https://github.com/volatilityfoundation/volatility3#symbol-tables and place them in /usr/local/lib/python3.6/dist-packages/volatility/symbols. State File: remnux.python3-packages.volatility3​

Volatility Framework

Memory forensics tool and framework

Website: https://github.com/volatilityfoundation/volatility Author: https://github.com/volatilityfoundation/volatility/blob/2.6.1/AUTHORS.txt License: GNU General Public License (GPL) v2: https://github.com/volatilityfoundation/volatility/blob/2.6.1/LICENSE.txt Notes: Use vol.py to invoke this version of Volatility. To eliminate conflicts among command-line options for Volatility plugins, the following yarascan options have been changed: -Y became -U and -C became -c. State File: remnux.python-packages.volatility​

linux_mem_diff_tool

Compare two memory images of Linux systems by using Volatility.

Website: https://github.com/monnappa22/linux_mem_diff_tool Author: Monnappa K A License: Free, unknown license Notes: linux_mem_diff.py State File: remnux.scripts.linuxmemdiff​

AESKeyFinder

Find 128-bit and 256-bit AES keys in a memory image.

Website: https://citp.princeton.edu/our-work/memory/ Author: Nadia Heninger, Alex Halderman License: Free, unknown license Notes: aeskeyfind State File: remnux.packages.aeskeyfind​

bulk_extractor

Extract interesting strings from binary files.

Website: https://github.com/simsong/bulk_extractor/ Author: https://github.com/simsong/bulk_extractor/blob/master/AUTHORS License: Portions Public Domain, portions MIT License: https://github.com/simsong/bulk_extractor/blob/master/LICENSE.md State File: remnux.packages.bulk-extractor​

RSAKeyFinder

Find BER-encoded RSA private keys in a memory image.

Website: https://citp.princeton.edu/our-work/memory/ Author: Nadia Heninger, Alex Halderman License: Free, unknown license Notes: rsakeyfind State File: remnux.packages.rsakeyfind​

Previous
ELF Files
Next - Discover the Tools
Explore Network Interactions
Last updated 1 week ago
Contents
Volatility 3
Volatility Framework
linux_mem_diff_tool
AESKeyFinder
bulk_extractor
RSAKeyFinder