MemProcFS-Analyzer
Memory analyzer
Automated tool for forensic analysis of Windows memory dumps
MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR
555 stars
22 watching
59 forks
Language: PowerShell
last commit: 11 months ago
Topics: dfir, digital-forensics, incident-response, live-response, memory-forensics, memprocfs, powershell
Related projects:
| Repository | Description | Stars |
|---|---|---|
| | Automates evidence collection and analysis from Windows machines using PowerShell. | 149 |
| | Analyzes C code for its memory layout and dependencies | 25 |
| | Analyze Windows machine RAM artifacts using Winpmem and Volatility | 218 |
| | An educational platform for learning memory forensics through interactive CTF-style challenges | 1,670 |
| | Tools for analyzing PPLFault-related malware behavior on Windows 10 | 134 |
| | A tool to assist in memory forensics analysis on Windows systems by automating the process of extracting and exporting relevant data from memory images. | 52 |
| | Analyzes and processes NTFS file system data to extract timeline information and run YARA rules for malware detection. | 12 |
| | A C#-based framework for analyzing and investigating hard drive forensic data | 1,389 |
| | A digital forensics tool for analyzing macOS and iOS systems | 790 |
| | A digital forensics tool for parsing and analyzing NTFS/FAT file systems. | 196 |
| | A PowerShell module for collecting logs and forensics data from VMware vSphere environments. | 143 |
| | Tools for detecting suspicious files and directories on Windows and Linux endpoints. | 234 |
| | A suite of tools and images for building and managing digital forensics environments on AWS | 494 |
| | A tool for measuring and analyzing the performance of Ember.js applications. | 73 |
| | Software designed to monitor Windows executable memory page changes to detect anomalies in system behavior | 28 |