REMnux Documentation

Perform Memory Forensics

Last updated 3 years ago

Volatility 3

Memory forensics tool and framework

  • Website: https://github.com/volatilityfoundation/volatility3
  • Author: The Volatility Foundation
  • License: Volatility Software License: https://github.com/volatilityfoundation/volatility3/blob/master/LICENSE.txt
  • Notes: Invoke using vol3 or volshell3. Before using, download symbols by following the links from https://github.com/volatilityfoundation/volatility3#symbol-tables and place them in /usr/local/lib/python3.8/dist-packages/volatility3/framework/symbols
  • State File: remnux.python3-packages.volatility3

Volatility Framework

Memory forensics tool and framework

  • Website: https://github.com/volatilityfoundation/volatility
  • Author: https://github.com/volatilityfoundation/volatility/blob/2.6.1/AUTHORS.txt
  • License: GNU General Public License (GPL) v2: https://github.com/volatilityfoundation/volatility/blob/2.6.1/LICENSE.txt
  • Notes: Use vol.py to invoke this version of Volatility (2.6.1). To eliminate conflicts among command-line options for Volatility plugins, the following yarascan options have been changed: -Y became -U and -C became -c.
  • State File: remnux.python-packages.volatility

linux_mem_diff_tool

Compare two memory images of Linux systems by using Volatility.

  • Website: https://github.com/monnappa22/linux_mem_diff_tool
  • Author: Monnappa K A
  • License: Free, unknown license
  • Notes: Invoke using linux_mem_diff.py
  • State File: remnux.scripts.linuxmemdiff

AESKeyFinder

Find 128-bit and 256-bit AES keys in a memory image.

  • Website: https://citp.princeton.edu/our-work/memory/
  • Author: Nadia Heninger, Alex Halderman
  • License: Free, unknown license
  • Notes: Invoke using aeskeyfind
  • State File: remnux.packages.aeskeyfind
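How a tool like aeskeyfind can locate keys at all: an AES implementation normally keeps the expanded key schedule (176 bytes for AES-128, 240 bytes for AES-256) in memory, and that schedule is fully determined by the key through the FIPS-197 key expansion. Scanning every offset as a candidate key and checking whether the bytes that follow equal its derived round keys therefore finds keys with essentially no false positives. The script below is an added example that re-implements this idea in Python; it is not aeskeyfind's own code. The S-box is derived from its definition rather than typed in, the sample "memory image" is constructed inline from filler bytes plus the FIPS-197 Appendix A test keys, and the offsets printed are specific to that constructed input.

```python
"""Find AES-128/256 keys in a memory image by locating their expanded key schedules.

Added example of the technique behind aeskeyfind (not the tool's code): every
offset is tried as a candidate key, the FIPS-197 KeyExpansion is run forward, and
the candidate is reported only if the derived round keys match what follows it.
"""
from typing import List, Tuple


def _gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    product = 0
    for _ in range(8):
        if b & 1:
            product ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return product


def _build_sbox() -> bytes:
    """Derive the AES S-box: multiplicative inverse followed by the affine map."""
    sbox = bytearray(256)
    for x in range(256):
        inv = 0
        if x:
            inv = x
            for _ in range(253):          # x^254 == x^-1 in GF(2^8)
                inv = _gf_mul(inv, x)
        s = inv
        for shift in range(1, 5):         # s = inv ^ rotl(inv,1..4) ^ 0x63
            s ^= ((inv << shift) | (inv >> (8 - shift))) & 0xFF
        sbox[x] = s ^ 0x63
    return bytes(sbox)


SBOX = _build_sbox()
RCON = (0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36)


def _next_word(words: List[bytes], i: int, nk: int) -> bytes:
    """Compute schedule word w[i] from earlier words (FIPS-197 KeyExpansion)."""
    temp = words[i - 1]
    if i % nk == 0:
        rotated = temp[1:] + temp[:1]                    # RotWord
        temp = bytes(SBOX[b] for b in rotated)           # SubWord
        temp = bytes([temp[0] ^ RCON[i // nk - 1]]) + temp[1:]
    elif nk == 8 and i % nk == 4:
        temp = bytes(SBOX[b] for b in temp)              # AES-256 extra SubWord
    return bytes(a ^ b for a, b in zip(words[i - nk], temp))


def expand_key(key: bytes) -> bytes:
    """Return the full key schedule (key included) for a 16- or 32-byte key."""
    nk = len(key) // 4
    if nk not in (4, 8) or len(key) % 4:
        raise ValueError("key must be 16 or 32 bytes")
    words = [key[4 * j:4 * j + 4] for j in range(nk)]
    for i in range(nk, 4 * (nk + 7)):                    # 44 or 60 words in total
        words.append(_next_word(words, i, nk))
    return b"".join(words)


def _schedule_follows(buf: bytes, off: int, nk: int) -> bool:
    """True if buf[off:] is an nk-word key followed by its complete schedule."""
    total = 4 * (nk + 7)
    if off + 4 * total > len(buf):
        return False
    words = [buf[off + 4 * j:off + 4 * j + 4] for j in range(nk)]
    for i in range(nk, total):
        w = _next_word(words, i, nk)
        if buf[off + 4 * i:off + 4 * i + 4] != w:
            return False      # nearly every offset fails on the first derived word
        words.append(w)
    return True


def find_aes_keys(image: bytes) -> List[Tuple[int, int, bytes]]:
    """Scan the image; return (offset, key_bits, key) for every schedule found."""
    image = bytes(image)
    found = []
    for off in range(len(image) - 15):
        for nk in (4, 8):
            if _schedule_follows(image, off, nk):
                found.append((off, 32 * nk, image[off:off + 4 * nk]))
    return found


# FIPS-197 Appendix A.1 and A.3 keys, used to build the constructed sample image.
FIPS_197_KEY128 = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")
FIPS_197_KEY256 = bytes.fromhex("603deb1015ca71be2b73aef0857d7781"
                                "1f352c073b6108d72d9810a30914dff4")


def build_sample_image() -> bytes:
    """Constructed stand-in for a memory dump: filler around two key schedules."""
    filler = bytes(range(256)) * 2
    return (filler + expand_key(FIPS_197_KEY128)
            + filler + expand_key(FIPS_197_KEY256) + filler)


def demo() -> List[Tuple[int, int, bytes]]:
    return find_aes_keys(build_sample_image())


if __name__ == "__main__":
    for off, bits, key in demo():
        print(f"AES-{bits} key at offset 0x{off:x}: {key.hex()}")
```

Run it as a script to see both keys recovered from the constructed image; to try it on a real dump, call find_aes_keys on the file's bytes (for a multi-gigabyte image, a C implementation such as aeskeyfind itself is far faster, but the check performed is the same). Keys that were wiped while their schedule was left behind are still found, because the schedule alone determines the key.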

bulk_extractor

Extract interesting strings from binary files.

  • Website: https://github.com/simsong/bulk_extractor/
  • Author: https://github.com/simsong/bulk_extractor/blob/master/AUTHORS
  • License: Portions Public Domain, portions MIT License: https://github.com/simsong/bulk_extractor/blob/master/LICENSE.md
  • State File: remnux.packages.bulk-extractor

RSAKeyFinder

Find BER-encoded RSA private keys in a memory image.

  • Website: https://citp.princeton.edu/our-work/memory/
  • Author: Nadia Heninger, Alex Halderman
  • License: Free, unknown license
  • Notes: Invoke using rsakeyfind
  • State File: remnux.packages.rsakeyfind
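What "BER-encoded RSA private key" means in practice: a PKCS#1 RSAPrivateKey (RFC 8017) is an ASN.1 SEQUENCE of INTEGERs, version 0 followed by n, e, d, p, q, d mod (p-1), d mod (q-1) and q^-1 mod p, serialized in DER (a BER subset). A scanner can therefore treat every 0x30 SEQUENCE byte as a candidate start, parse nine INTEGERs, and keep only candidates whose components satisfy the RSA relations, which rejects coincidental byte patterns. The script below is an added example of that approach in Python; it is not rsakeyfind's own code. The DER encoder exists only to construct the sample input, the key is a deliberately tiny toy (p=61, q=53, e=17) so the numbers are readable, and the "memory image" is constructed inline.

```python
"""Find DER/BER-encoded PKCS#1 RSAPrivateKey structures in a memory image.

Added example of the technique behind rsakeyfind (not the tool's code): locate
SEQUENCE { version 0, n, e, d, p, q, dP, dQ, qInv } and validate the arithmetic.
"""
import math
from typing import Dict, List, Optional, Tuple


def _der_length(n: int) -> bytes:
    """DER length octets: short form below 128, else 0x80|count then big-endian count."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_integer(value: int) -> bytes:
    """Encode a non-negative integer as a minimal, positive DER INTEGER (tag 0x02)."""
    body = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:
        body = b"\x00" + body          # leading zero keeps the sign bit clear
    return b"\x02" + _der_length(len(body)) + body


def encode_rsa_private_key(p: int, q: int, e: int) -> bytes:
    """Build a PKCS#1 RSAPrivateKey; used here only to construct sample input."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)
    fields = [0, n, e, d, p, q, d % (p - 1), d % (q - 1), pow(q, -1, p)]
    body = b"".join(der_integer(v) for v in fields)
    return b"\x30" + _der_length(len(body)) + body


def _read_tlv(buf: bytes, pos: int) -> Optional[Tuple[int, int, int]]:
    """Parse one tag+length header; return (tag, value_start, value_end) or None."""
    if pos + 2 > len(buf):
        return None
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        count = first & 0x7F
        if count == 0 or count > 4 or pos + count > len(buf):
            return None                # indefinite or absurd length: not a DER key
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        return None
    return tag, pos, pos + length


def parse_rsa_private_key(buf: bytes, off: int) -> Optional[Dict[str, int]]:
    """Return the key components if a consistent RSAPrivateKey starts at off."""
    tlv = _read_tlv(buf, off)
    if tlv is None or tlv[0] != 0x30:
        return None
    _, pos, end = tlv
    ints: List[int] = []
    while pos < end and len(ints) < 9:
        tlv = _read_tlv(buf, pos)
        if tlv is None or tlv[0] != 0x02 or tlv[2] > end or tlv[1] == tlv[2]:
            return None
        _, start, stop = tlv
        if buf[start] & 0x80:
            return None                # key components are positive integers
        ints.append(int.from_bytes(buf[start:stop], "big"))
        pos = stop
    if len(ints) < 9 or ints[0] != 0:
        return None
    _, n, e, d, p, q, dp, dq, qinv = ints
    if p < 2 or q < 2 or p * q != n:
        return None
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    if (e * d) % lam != 1 or dp != d % (p - 1) or dq != d % (q - 1):
        return None                    # well-formed DER, but not an RSA key
    if (q * qinv) % p != 1:
        return None
    return {"offset": off, "n": n, "e": e, "d": d, "p": p, "q": q}


def find_rsa_private_keys(image: bytes) -> List[Dict[str, int]]:
    """Try every SEQUENCE tag in the image and collect keys that validate."""
    image = bytes(image)
    keys = []
    pos = image.find(b"\x30")
    while pos != -1:
        key = parse_rsa_private_key(image, pos)
        if key is not None:
            keys.append(key)
        pos = image.find(b"\x30", pos + 1)
    return keys


def demo() -> List[Dict[str, int]]:
    """Constructed stand-in for a dump: filler bytes around a toy RSA key."""
    filler = bytes(range(256)) * 2
    image = filler + encode_rsa_private_key(61, 53, 17) + filler
    return find_rsa_private_keys(image)


if __name__ == "__main__":
    for k in demo():
        print(f"RSA key at offset 0x{k['offset']:x}: n={k['n']} e={k['e']} d={k['d']}")
```

The arithmetic checks matter more than they look: in a real dump, 0x30 followed by a plausible length and 02 01 00 occurs in plenty of unrelated ASN.1 (certificates, PKCS#8 wrappers, SNMP traffic), and only the n == p*q and e*d == 1 (mod lcm(p-1, q-1)) relations separate a private key from that noise. A PKCS#8 PrivateKeyInfo wraps this same structure inside an OCTET STRING, so the inner RSAPrivateKey is still found at its own offset.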
