Data Visualization Plugin for IDA Pro
Updated Dec 6, 2022 - Python
Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.
Allows you to quickly query a Windows machine for RAM artifacts
Rip Raw is a small tool to analyse the memory of compromised Linux systems.
A short and small memory forensics helper.
Tool to extract the kallsyms (System.map) from a memory dump
A suite of Volatility 3 plugins for memory forensics of Docker containers
This repository is tailored for participants of the Polish training course "Live Cold Boot Attack: How to Decrypt a Laptop by Freezing Memory?". It offers demos and tools to explore memory freezing attacks and data recovery techniques in real-world scenarios.
Volatility 3 plugins to extract a module as complete as possible
Linux BPF plugins for Volatility3
Tool to find memory artifacts present in instant messaging applications.
Introducing the Temporal Dimension to Memory Forensics - ACM Transactions on Privacy and Security 2019
Data structure detection with neural networks.
Volatility plugin to yield and compare similarity digest of modules on execution.
Volatility plugin to obtain the number of the resident memory pages per module (exe or dll) and per driver from a Windows memory dump.
Volatility profile for uclinux
Volatility plugins to recover ML model attributes from memory images
Dump Module Mixer (dumd-mixer) is a Python script to generate a module from the same module extracted from a collection of memory dumps.