MemProcFS-Analyzer
Memory analyzer
Automated forensic analysis tool for Windows memory dumps
MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR
540 stars
21 watching
58 forks
Language: PowerShell
last commit: 23 days ago dfirdigital-forensicsincident-responselive-responsememory-forensicsmemprocfspowershell
Related projects:
| Repository | Description | Stars |
|---|---|---|
 securityjoes/forensicminer | Automates evidence collection and analysis from Windows machines using PowerShell. | 148 |
 antique-team/memcad | Analyzes C code for its memory layout and dependencies | 25 |
 gleeda/memtriage | Analyze Windows machine RAM artifacts using Winpmem and Volatility | 218 |
 stuxnet999/memlabs | An educational CTF-styled lab platform for learning memory forensics and digital forensics using shell scripting and Volatility Framework | 1,659 |
 trustedsec/pplfaultdumpbof | Tools for analyzing PPLFault-related malware behavior on Windows 10 | 133 |
 ytisf/muninn | A tool to assist in memory forensics analysis on Windows systems by automating the process of extracting and exporting relevant data from memory images. | 52 |
 kero99/mftmactime | Analyzes and processes NTFS file system data to extract timeline information and run YARA rules for malware detection. | 12 |
 invoke-ir/powerforensics | A C#-based framework for analyzing and investigating hard drive forensic data | 1,385 |
 ydkhatri/mac_apt | A digital forensics tool for analyzing macOS and iOS systems | 781 |
 msuhanov/dfir_ntfs | A digital forensics tool for parsing and analyzing NTFS/FAT file systems. | 191 |
 anssi-fr/dfir4vsphere | A PowerShell module for collecting logs and forensics data from VMware vSphere environments. | 140 |
 codeyourweb/fastfinder | Tools for detecting suspicious files and directories on Windows and Linux endpoints. | 232 |
 teamdfir/sift | A suite of tools and images for building and managing digital forensics environments on AWS | 491 |
 mike-north/ember-perf | A tool for measuring and analyzing the performance of Ember.js applications. | 73 |
 nccgroup/windowsmempagedelta | Software designed to monitor Windows executable memory page changes to detect anomalies in system behavior | 28 |