Volatility

Features

Digital Forensics - Provides a comprehensive framework for examining system artifacts, network connections, and running processes during security investigations.
Memory Analysis - Examines system RAM to identify running processes, network connections, and loaded modules.
Threat Hunting Tools - Searches volatile data for indicators of compromise and behavioral patterns associated with advanced persistent threats.
Memory Dump Parsers - Ships a set of plugins for interpreting raw binary memory images across various operating systems and kernel versions.
Incident Response - Analyzes memory dumps to detect hidden threats, rootkits, and injected code not present on disk.
Memory Forensics - Extracts data from active memory to uncover hidden evidence for digital forensic investigations.
Analysis Plugin Frameworks - Utilizes a plugin-based framework for executing isolated analysis modules to extract forensic artifacts.
OS - Reconstructs a snapshot of the machine's system state at the time a memory image was captured.
Memory Model Abstractions - Wraps raw memory images in abstraction layers to simulate various operating system memory models and hardware architectures.
Direct Memory Access - Provides capabilities to read raw binary data from memory dumps as a contiguous byte stream.
Memory Offset Calculators - Determines the exact memory positions of kernel objects and system structures using predefined OS profiles.
Virtual Address Translators - Implements translation of virtual memory addresses to physical offsets using page tables to locate data within raw dumps.
OS Structure Mappings - Maps known operating system data structure definitions onto raw memory bytes to interpret memory content.
Memory Forensics - Standard framework for memory forensic investigation.
Development Libraries - Advanced memory forensics framework for analyzing RAM dumps.
Dynamic Analysis - Advanced memory forensics framework for incident response.
Dynamic Analysis Tools - An advanced framework for memory forensics and analysis.
Digital Forensics - Framework for memory extraction and analysis.
Forensics Analysis - Framework for investigating memory dumps.
Memory Analysis Tools - Advanced framework for memory forensics and artifact extraction.
Memory Forensics - Standard framework for memory forensic investigations.
Security And Privacy - Memory forensics framework.

Open-source alternatives to Volatility

Similar open-source projects, ranked by how many features they share with Volatility.

ufrisk/memprocfs
ufrisk/MemProcFS
4,202View on GitHub
MemProcFS
C
View on GitHub4,202
504ensicslabs/lime
504ensicsLabs/LiME
1,995View on GitHub
LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. The tool supports acquiring memory either to the file system of the device or over the network. LiME is unique in that it is the first tool that allows full memory captures from Android devices. It also minimizes its interaction between user and kernel space processes during acquisition, which allows it to produce memory captures that are more forensically sound than those of other tools designed for Linux memory acquisitio
C
View on GitHub1,995
ufrisk/pcileech
ufrisk/pcileech
7,738View on GitHub
pcileech is a toolkit for executing DMA attacks, analyzing PCIe bus traffic, performing kernel patching, and conducting remote volatile memory forensics. It functions as a hardware memory acquisition tool and a PCIe DMA attack framework designed to read and write remote system memory via direct hardware interfaces. The project provides capabilities for capturing and displaying raw transaction layer packets from the PCIe bus and mounting live RAM as local drives for analysis. It enables the modification of system memory signatures and the execution of shellcode or implants within the kernel wi
C
View on GitHub7,738
velocidex/velociraptor
Velocidex/velociraptor
3,769View on GitHub
Velociraptor is a digital forensics and incident response platform, endpoint detection and response system, and visibility tool. It provides a query engine and remote forensic collector used to hunt for indicators of compromise and perform triage across a fleet of hosts. The system is distinguished by its specialized query language for interrogating host state and parsing binary files. It features a notebook environment that combines markdown documentation with executable query cells to standardize investigative workflows and enable collaborative reporting. The platform covers a wide range o
Godigital-forensicsendpoint-discoveryendpoint-protection
View on GitHub3,769

See all 30 alternatives to Volatility

volatilityfoundationvolatilityArchived

Features

Open-source alternatives to Volatility

ufrisk/MemProcFS

504ensicsLabs/LiME

ufrisk/pcileech

Velocidex/velociraptor

Star history

Open-source alternatives to Volatility

ufrisk/MemProcFS

504ensicsLabs/LiME

ufrisk/pcileech

Velocidex/velociraptor