Perform Memory Forensics
Discover the Tools
Memory forensics tool and framework
Website: https://github.com/volatilityfoundation/volatility3
Author: The Volatility Foundation
License: Volatility Software License: https://github.com/volatilityfoundation/volatility3/blob/master/LICENSE.txt
Notes: Invoke using: vol3, volshell3. Before using, download symbols by following the links from https://github.com/volatilityfoundation/volatility3#symbol-tables and place them in
/usr/local/lib/python3.8/dist-packages/volatility3/framework/symbols
State File: remnux.python3-packages.volatility3Memory forensics tool and framework
Website: https://github.com/volatilityfoundation/volatility
Author: https://github.com/volatilityfoundation/volatility/blob/2.6.1/AUTHORS.txt
License: GNU General Public License (GPL) v2: https://github.com/volatilityfoundation/volatility/blob/2.6.1/LICENSE.txt
Notes: Use
vol.py to invoke this version of Volatility. To eliminate conflicts among command-line options for Volatility plugins, the following yarascan options have been changed: -Y became -U and -C became -c.
State File: remnux.python-packages.volatilityCompare two memory images of Linux systems by using Volatility.
Website: https://github.com/monnappa22/linux_mem_diff_tool
Author: Monnappa K A
License: Free, unknown license
Notes: linux_mem_diff.py
State File: remnux.scripts.linuxmemdiff
Find 128-bit and 256-bit AES keys in a memory image.
Website: https://citp.princeton.edu/our-work/memory/
Author: Nadia Heninger, Alex Halderman
License: Free, unknown license
Notes: aeskeyfind
State File: remnux.packages.aeskeyfind
Extract interesting strings from binary files.
Website: https://github.com/simsong/bulk_extractor/
Author: https://github.com/simsong/bulk_extractor/blob/master/AUTHORS
License: Portions Public Domain, portions MIT License: https://github.com/simsong/bulk_extractor/blob/master/LICENSE.md
State File: remnux.packages.bulk-extractor
Find BER-encoded RSA private keys in a memory image.
Website: https://citp.princeton.edu/our-work/memory/
Author: Nadia Heninger, Alex Halderman
License: Free, unknown license
Notes: rsakeyfind
State File: remnux.packages.rsakeyfind
Last modified 10mo ago