awesome-repositories.com
Blog
awesome-repositories.com

Descubre los mejores repositorios open-source con nuestra búsqueda potenciada por IA.

ExplorarBúsquedas curadasAlternativas open-sourceSoftware autohospedableBlogMapa del sitio
ProyectoAcerca deCómo clasificamosPrensaServidor MCP
Aviso legalPrivacidadTérminos
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·

14 repositorios

Awesome GitHub RepositoriesMemory Forensics

Tools and frameworks for analyzing volatile memory dumps to investigate malware and system state.

Distinct from Memory Forensics: Existing candidates were listed under awesome-lists rather than the core security taxonomy.

Explore 14 awesome GitHub repositories matching security & cryptography · Memory Forensics. Refine with filters or upvote what's useful.

Awesome Memory Forensics GitHub Repositories

Encuentra los mejores repositorios con IA.Buscaremos los repositorios que mejor coincidan usando IA.
  • zardus/ctf-toolsAvatar de zardus

    zardus/ctf-tools

    9,434Ver en GitHub↗

    This project is a security tool installation framework and binary analysis toolkit designed to automate the deployment of research utilities. It provides a containerized security research environment and a system for managing Python and Ruby virtual environments to prevent dependency conflicts on the host machine. The framework distinguishes itself through a structured tool catalog and provisioning scripts that automate the installation of utilities into isolated directories. It utilizes executable symlink mapping to provide a unified command interface and supports the bootstrapping of consis

    Automates the installation and configuration of the Volatility framework and other memory forensics software.

    Shell
    Ver en GitHub↗9,434
  • volatilityfoundation/volatilityAvatar de volatilityfoundation

    volatilityfoundation/volatility

    7,971Ver en GitHub↗

    Volatility is a memory forensics framework and digital forensics tool designed to extract and analyze evidence from volatile computer memory dumps. It functions as a memory dump parser and analysis platform used to identify running processes, network connections, and loaded modules from a system RAM capture. The framework enables the reconstruction of system state to uncover malicious activity, such as rootkits and injected code, during malware incident response and threat hunting. It provides capabilities for digital forensic investigations to detect unauthorized access and indicators of com

    Extracts data from active memory to uncover hidden evidence for digital forensic investigations.

    Pythonmalwarememorypython
    Ver en GitHub↗7,971
  • ufrisk/pcileechAvatar de ufrisk

    ufrisk/pcileech

    7,738Ver en GitHub↗

    pcileech is a toolkit for executing DMA attacks, analyzing PCIe bus traffic, performing kernel patching, and conducting remote volatile memory forensics. It functions as a hardware memory acquisition tool and a PCIe DMA attack framework designed to read and write remote system memory via direct hardware interfaces. The project provides capabilities for capturing and displaying raw transaction layer packets from the PCIe bus and mounting live RAM as local drives for analysis. It enables the modification of system memory signatures and the execution of shellcode or implants within the kernel wi

    Mounts live RAM as local drives and analyzes remote memory without needing full data dumps.

    C
    Ver en GitHub↗7,738
  • hluwa/frida-dexdumpAvatar de hluwa

    hluwa/frida-dexdump

    4,487Ver en GitHub↗

    frida-dexdump is an Android memory forensics tool that recovers Dalvik Executable (DEX) files from running application processes using the Frida dynamic instrumentation framework. It functions as a Frida-based runtime analyzer and DEX memory dumper, capable of extracting obfuscated or packed DEX files without modifying the Android system. The tool distinguishes itself through its ability to repair corrupted or missing DEX file headers using heuristic analysis and fuzzy matching techniques. It employs fuzzy boundary detection to identify DEX file boundaries in memory even when headers are dama

    A memory analysis utility that recovers obfuscated or packed DEX files from running Android applications.

    Python
    Ver en GitHub↗4,487
  • zer0yu/awesome-cobaltstrikeAvatar de zer0yu

    zer0yu/Awesome-CobaltStrike

    4,419Ver en GitHub↗

    Este proyecto es una colección curada de herramientas, scripts y guías técnicas diseñadas para mejorar las operaciones de seguridad ofensiva utilizando Cobalt Strike. Sirve como un centro de recursos para gestionar la infraestructura de comando y control y desplegar compromisos de seguridad. La colección incluye toolkits para evadir sistemas de detección y respuesta de endpoints (EDR), junto con librerías para automatizar tareas de red team como reconocimiento y enumeración de hosts. Proporciona recursos para desarrollar frameworks de post-explotación, centrándose específicamente en la creación de librerías reflexivas y código residente en memoria. El repositorio cubre una amplia gama de capacidades operativas, incluyendo la personalización del tráfico de red para evitar la detección, análisis forense de memoria para análisis de infraestructura y varias técnicas de ofuscación de shellcode. También incluye guías para configurar servidores de comando y control y realizar inyección de procesos en el host.

    Provides tools for analyzing volatile memory dumps to investigate and identify malicious C2 beacons and servers.

    Ver en GitHub↗4,419
  • ufrisk/memprocfsAvatar de ufrisk

    ufrisk/MemProcFS

    4,202Ver en GitHub↗

    MemProcFS es una herramienta de análisis de memoria volátil y un sistema de adquisición de memoria multiplataforma. Funciona como un sistema de archivos virtual de análisis forense de memoria, mapeando la memoria física y los objetos del kernel en una estructura de directorio virtual que permite a los usuarios analizar artefactos del sistema utilizando herramientas estándar de sistema de archivos. El proyecto se distingue por proporcionar un sistema de archivos virtual para análisis forense de memoria, permitiendo navegar y consultar la memoria física como archivos y carpetas de solo lectura. También incorpora un escáner de memoria basado en Yara para identificar firmas de malware y código inyectado dentro de la memoria física. El motor cubre una amplia gama de capacidades forenses, incluyendo inspección de procesos e hilos, listado de conexiones de red y análisis del registro de Windows. Admite la ingesta de datos desde sistemas en vivo, volcados de memoria (crash dumps) y máquinas virtuales, mientras proporciona resolución de símbolos para traducir direcciones de memoria sin procesar en nombres significativos. La integración se admite mediante una interfaz programática multilingüe y envoltorios de biblioteca nativos para C y Java, así como scripting en Python para flujos de trabajo automatizados.

    Analyzes physical memory dumps or live system state to identify security threats and recover system artifacts.

    C
    Ver en GitHub↗4,202
  • volatilityfoundation/volatility3Avatar de volatilityfoundation

    volatilityfoundation/volatility3

    4,192Ver en GitHub↗

    Volatility3 es un framework de análisis forense de memoria y herramienta utilizada para analizar volcados de memoria volátil. Extrae artefactos digitales y reconstruye el estado de ejecución de un sistema para recuperar información de procesos, artefactos de red y otras pruebas forenses. El sistema funciona como un motor forense basado en plugins y un resolvedor de símbolos del sistema operativo. Mapea direcciones de memoria sin procesar a estructuras de sistema conocidas utilizando tablas de símbolos y capas de traducción, y proporciona una arquitectura extensible para crear escáneres y renderizadores personalizados. El framework incluye un explorador de memoria de línea de comandos para el descubrimiento de datos en tiempo real y una interfaz programable para automatizar la generación de informes de memoria. Maneja la extracción de artefactos digitales y la resolución de símbolos del sistema a través de un proceso de traducción de direcciones basado en capas.

    Provides a comprehensive framework for analyzing volatile memory dumps to reconstruct runtime system states.

    Python
    Ver en GitHub↗4,192
  • huntergregal/mimipenguinAvatar de huntergregal

    huntergregal/mimipenguin

    4,129Ver en GitHub↗

    MimiPenguin es un extractor de credenciales de memoria de Linux y herramienta de recuperación de contraseñas diseñada para aislar y recuperar contraseñas de inicio de sesión de usuario en texto plano de la memoria de procesos activos. Funciona como una utilidad de post-explotación para extraer credenciales sensibles de sesiones de usuario de escritorio durante evaluaciones de seguridad. La herramienta realiza análisis forense de memoria de Linux analizando la memoria de procesos del sistema para identificar y aislar credenciales. Se utiliza para pruebas de penetración de seguridad y evaluación de riesgos asociados con ataques basados en memoria, así como para probar la escalada de privilegios local. El sistema se dirige a la memoria de la sesión de usuario volcando la memoria virtual de los procesos en ejecución. Utiliza escaneo de memoria basado en patrones, identificación heurística de contraseñas y aislamiento de credenciales en texto plano para distinguir posibles contraseñas de datos binarios.

    Analyzes system process memory to identify and isolate sensitive data like user credentials and passwords.

    C
    Ver en GitHub↗4,129
  • neo23x0/lokiAvatar de Neo23x0

    Neo23x0/Loki

    3,763Ver en GitHub↗

    Loki is an endpoint detection tool, forensic artifact analyzer, and threat intelligence scanner. It functions as a YARA-based indicator of compromise scanner designed to identify malicious persistence mechanisms, web shells, and unauthorized administration tools across local and remote systems. The project distinguishes itself by integrating multi-source threat intelligence, allowing for the loading of custom signature sets and encrypted indicators. It combines hash-based artifact detection with YARA rule execution to scan files, process memory, and registry hives for known malicious byte seq

    Analyzes disk images, memory dumps, and registry hives to find indicators of compromise.

    Python
    Ver en GitHub↗3,763
  • velocidex/velociraptorAvatar de Velocidex

    Velocidex/velociraptor

    3,769Ver en GitHub↗

    Velociraptor is a digital forensics and incident response platform, endpoint detection and response system, and visibility tool. It provides a query engine and remote forensic collector used to hunt for indicators of compromise and perform triage across a fleet of hosts. The system is distinguished by its specialized query language for interrogating host state and parsing binary files. It features a notebook environment that combines markdown documentation with executable query cells to standardize investigative workflows and enable collaborative reporting. The platform covers a wide range o

    Extracts critical forensic evidence from host memory and files into local files for further analysis.

    Godigital-forensicsendpoint-discoveryendpoint-protection
    Ver en GitHub↗3,769
  • hasherezade/pe-sieveAvatar de hasherezade

    hasherezade/pe-sieve

    3,559Ver en GitHub↗

    pe-sieve is a set of diagnostic tools for scanning Windows process memory to identify malicious implants, shellcode, and hooks. It functions as an in-memory implant detector, malware unpacker, and process callstack analyzer designed to locate and dump memory patches and injected code from running processes. The project identifies advanced evasion techniques, such as process hollowing and reflective injection, by verifying portable executable structures in memory. It distinguishes itself by analyzing process callstacks to detect anomalies and redirections and by reconstructing executable heade

    Extracts raw segments of injected executables and shellcode from volatile memory for offline forensic examination.

    C++anti-malwarehookinglibpeconv
    Ver en GitHub↗3,559
  • withsecurelabs/chainsawAvatar de WithSecureLabs

    WithSecureLabs/chainsaw

    3,446Ver en GitHub↗

    Chainsaw is a Windows forensic analysis tool used for parsing system databases and extracting security artefacts. It functions as a forensic artefact extractor and a scanner for identifying security threats and log tampering within Windows event logs. The project distinguishes itself by implementing a Sigma rule forensic scanner that applies standardized detection logic and custom rule sets to event logs and forensic artefacts. It enables threat hunting workflows by matching event data against patterns to identify malicious activity, lateral movement, and brute force attacks. The tool's capa

    Extracts specific security evidence from disk files into local structured formats for analysis.

    Rustattackblueteamchainsaw
    Ver en GitHub↗3,446
  • blacktop/ipswAvatar de blacktop

    blacktop/ipsw

    3,163Ver en GitHub↗

    ipsw is a specialized toolkit for iOS firmware analysis, binary reverse engineering, and hardware interaction. It provides a suite of tools for downloading, extracting, and analyzing firmware images and kernel caches, alongside a MachO binary analysis tool for disassembling and patching executables. The project distinguishes itself through integrated language-model-powered code reconstruction to translate machine code into high-level source code. It also features an automation client for the App Store Connect API to manage certificates and application settings. The framework covers a broad r

    Provides capabilities for extracting specific forensic artifacts from system images and memory dumps for analysis.

    Goappleclass-dumpdyld
    Ver en GitHub↗3,163
  • jaykali/maskphishAvatar de jaykali

    jaykali/maskphish

    3,020Ver en GitHub↗

    Maskphish is a comprehensive security toolkit that integrates capabilities for digital forensics, network vulnerability scanning, open-source intelligence, penetration testing, and social engineering. It functions as a multi-purpose framework for automating reconnaissance and executing security audits across diverse network environments. The project features a specialized phishing and social engineering toolkit used for cloning websites, masking URLs, and deploying deceptive pages to capture user credentials. It also includes a remote access Trojan builder for generating platform-specific exe

    Provides a web-based graphical interface for analyzing volatile memory dumps using forensics plugins.

    Shellhackhackinghacking-tool
    Ver en GitHub↗3,020
  1. Home
  2. Security & Cryptography
  3. Memory Forensics

Explorar subetiquetas

  • Analysis AutomationTools for programmatically orchestrating memory forensic tasks and generating automated reports. **Distinct from Memory Forensics:** Focuses on the automation and orchestration of analysis rather than the manual act of forensics
  • Cross-Platform Evidence ScanningScanning of disk images and memory dumps for indicators of compromise across different operating systems. **Distinct from Memory Forensics:** Focuses on active scanning for IOCs within forensic images rather than general memory analysis frameworks.
  • Custom Plugin DevelopmentFrameworks and APIs for creating specialized scanners and renderers within a memory forensics environment. **Distinct from Memory Forensics:** Focuses on the developer interface for creating memory forensic plugins, not the analysis process itself
  • Forensic Artifact ExtractionExtracting specific evidence from volatile memory or disk files into local formats for analysis. **Distinct from Memory Forensics:** Distinct from Memory Forensics: focuses on the act of exporting/extracting the evidence rather than the analysis of the dump.
  • Hardware-BasedConducting forensics on remote hosts using physical PCIe hardware interfaces. **Distinct from Memory Forensics:** Focuses on hardware-level acquisition via PCIe rather than analyzing static memory dumps.