#Memory-forensics
Showing 17 of 17 repositories tagged #memory-forensics, ranked by stars
Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
Educational, CTF-styled labs for individuals interested in Memory Forensics
Historical Windows temporal memory-state research artifact for studying time-bound memory observations, validation limits, and defensive visibility.
Dynamic unpacker based on PE-sieve
WinDBG Anti-RootKit Extension
SIFT
A curated list of awesome malware analysis tools and resources
Cross-platform incident response toolkit. 28 pre-built use cases, single binary, zero install. Memory, disk, network, and cloud collection with automated timeline generation.
First open-source DMA-based HWID spoofer written in Rust. Spoof hardware IDs via direct memory access.
A Frida-based utility for dynamically extracting native (.so) libraries from Android applications.
Windows memory scanner for call stack spoofing detection, unbacked shellcode, injected DLLs and in-memory C2 implants.
Virtual Machine Introspection (VMI) for memory forensics and machine-learning.
A script to assist in processing forensic RAM captures for malware triage
A portfolio demonstrating advanced blue and red team skills, including: SSH MFA implementation, Volatility-based memory forensics to detect code injection, Splunk threat hunting (BOTS v3), Wireshark C2 analysis, and kernel exploitation walkthroughs (LinPEAS, VulnHub).
This repository contains memory forensics challenges that I've been solving using Volatility.
M3MX Unified memory forensics workbench powered by Volatility manual & automated analysis, MITRE ATT&CK mapping, and an AI agent, all in your browser.