memory-forensics

Star

Here are 65 public repositories matching this topic...

Language:All

Filter by language

All65 Python26 C5 C++4 PowerShell3 C#2 Rust2 Shell2 Dockerfile1 Go1 Rich Text Format1

Sort:Most stars

Sort options

Most stars Fewest stars Most forks Fewest forks Recently updated Least recently updated

hasherezade /pe-sieve

Star3.3k

Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).

scans anti-malware malware-analysis pe-format hooking pe-analyzer memory-forensics pe-dumper libpeconv process-analyzer pe-sieve

UpdatedMar 16, 2025
C++

hasherezade /hollows_hunter

Star2.1k

Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).

anti-malware malware-analysis memory-forensics malware-detection pe-sieve

UpdatedFeb 22, 2025
C

stuxnet999 /MemLabs

Star1.7k

Educational, CTF-styled labs for individuals interested in Memory Forensics

windows security forensics dfir cybersecurity ctf digital-forensics memory-forensics ctf-challenges

UpdatedMar 8, 2021
Shell

microsoft /avml

Star924

AVML - Acquire Volatile Memory for Linux

rust memory-forensics linux-security

UpdatedMar 25, 2025
Rust

hasherezade /mal_unpack

Star717

Dynamic unpacker based on PE-sieve

malware-analysis memory-forensics libpeconv pe-sieve malware-unpacker

UpdatedMar 16, 2025
C

swwwolf /wdbgark

Star626

WinDBG Anti-RootKit Extension

windows c-plus-plus visual-studio malware driver kernel-mode crash-dump windbg malware-analysis windbg-extension malware-research forensic-analysis debugging-tool memory-forensics anomaly-detection anti-rootkit wdbgark user-mode sww swwwolf

UpdatedJul 29, 2020
C++

LETHAL-FORENSICS /MemProcFS-Analyzer

Star603

MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR

powershell incident-response dfir digital-forensics memory-forensics live-response memprocfs

UpdatedMar 10, 2025
PowerShell

teamdfir /sift

Star502

SIFT

cli aws forensics saltstack cast sift memory-forensics sans issues-only timeline-analysis salt-state cast-distro

UpdatedFeb 14, 2024

patois /IDACyber

Star291

Data Visualization Plugin for IDA Pro

pixel-art reverse-engineering data-visualization memory-hacking ida ida-pro cyber exploitation idapython-plugin memory-forensics color-filter firmware-analysis

UpdatedDec 6, 2022
Python

cado-security /varc

Star253

Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.

aws security aws-lambda forensics dfir hacktoberfest memory-forensics cloud-security aws-fargate dfir-automation docker-forensics aws-forensics eks-forensics fargate-forensics