πŸ“„
πŸ“„
πŸ“„
πŸ“„
REMnux Documentation
Search…
πŸ“„
πŸ“„
πŸ“„
πŸ“„
REMnux Documentation
REMnux: A Linux Toolkit for Malware Analysis
Install the Distro
Get the Virtual Appliance
Install from Scratch
Add to an Existing System
Run REMnux as a Container
Keep the Distro Up to Date
Discover the Tools
Examine Static Properties
Statically Analyze Code
Dynamically Reverse-Engineer Code
Perform Memory Forensics
Explore Network Interactions
Investigate System Interactions
Analyze Documents
Gather and Analyze Data
View or Edit Files
General Utilities
Run Tools in Containers
Docker Images of Malware Analysis Tools
Behind the Scenes
People
Technologies
License
Tips and More
REMnux Configuration Tips
REMnux Tool Tips
Malware Analysis Training
REMnux Website
Get Involved
Ask and Answer Questions
Write About the Tools
Add or Update Tools
Implement Enhancements
Powered By GitBook
Perform Memory Forensics
Discover the Tools

Volatility 3

Memory forensics tool and framework
Website: https://github.com/volatilityfoundation/volatility3 Author: The Volatility Foundation License: Volatility Software License: https://github.com/volatilityfoundation/volatility3/blob/master/LICENSE.txt Notes: Invoke using: vol3, volshell3. Before using, download symbols by following the links from https://github.com/volatilityfoundation/volatility3#symbol-tables and place them in /usr/local/lib/python3.8/dist-packages/volatility3/framework/symbols State File: remnux.python3-packages.volatility3​

Volatility Framework

Memory forensics tool and framework
Website: https://github.com/volatilityfoundation/volatility Author: https://github.com/volatilityfoundation/volatility/blob/2.6.1/AUTHORS.txt License: GNU General Public License (GPL) v2: https://github.com/volatilityfoundation/volatility/blob/2.6.1/LICENSE.txt Notes: Use vol.py to invoke this version of Volatility. To eliminate conflicts among command-line options for Volatility plugins, the following yarascan options have been changed: -Y became -U and -C became -c. State File: remnux.python-packages.volatility​

linux_mem_diff_tool

Compare two memory images of Linux systems by using Volatility.
Website: https://github.com/monnappa22/linux_mem_diff_tool Author: Monnappa K A License: Free, unknown license Notes: linux_mem_diff.py State File: remnux.scripts.linuxmemdiff​

AESKeyFinder

Find 128-bit and 256-bit AES keys in a memory image.
Website: https://citp.princeton.edu/our-work/memory/ Author: Nadia Heninger, Alex Halderman License: Free, unknown license Notes: aeskeyfind State File: remnux.packages.aeskeyfind​

bulk_extractor

Extract interesting strings from binary files.

RSAKeyFinder

Find BER-encoded RSA private keys in a memory image.
Website: https://citp.princeton.edu/our-work/memory/ Author: Nadia Heninger, Alex Halderman License: Free, unknown license Notes: rsakeyfind State File: remnux.packages.rsakeyfind​
Previous
ELF Files
Next - Discover the Tools
Explore Network Interactions
Last modified 7mo ago
Copy link
Outline
Volatility 3
Volatility Framework
linux_mem_diff_tool
AESKeyFinder
bulk_extractor
RSAKeyFinder