Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/beyefendi/awesome-memory-forensics
Memory forensics literature
List: awesome-memory-forensics
memory-forensics
- Host: GitHub
- URL: https://github.com/beyefendi/awesome-memory-forensics
- Owner: beyefendi
- Created: 2023-06-05T08:50:48.000Z (over 1 year ago)
- Default Branch: master
- Last Pushed: 2024-04-05T22:01:55.000Z (9 months ago)
- Last Synced: 2024-04-22T03:33:46.466Z (8 months ago)
- Topics: memory-forensics
- Homepage:
- Size: 8.79 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- ultimate-awesome - awesome-memory-forensics - Memory forensics literature. (Other Lists / PowerShell Lists)
README
# Memory Forensics Literature
## Frameworks
- [volatility3](https://github.com/volatilityfoundation/volatility3)
- [MemProcFS](https://github.com/ufrisk/MemProcFS)
## Volatility plugins
- [**Community plugins**](https://github.com/volatilityfoundation/community/)
- [**Plugin development tutorial**](https://github.com/iAbadia/Volatility-Plugin-Tutorial)
- [Prefetch](https://github.com/forensicxlab/volatility3_plugins)
- [AnyDesk](https://github.com/forensicxlab/volatility3_plugins)
- [KeePass](https://github.com/forensicxlab/volatility3_plugins)
- [USBSTOR](https://github.com/kevthehermit/volatility_plugins)
- [LastPass](https://github.com/kevthehermit/volatility_plugins)
- [CobaltStrike](https://github.com/kevthehermit/volatility_plugins)
- [Uninstallinfo](https://github.com/superponible/volatility-plugins)
- [Prefetch](https://github.com/superponible/volatility-plugins)
- [idxparser](https://github.com/superponible/volatility-plugins)
- [Firefox History](https://github.com/superponible/volatility-plugins)
- [Chrome History](https://github.com/superponible/volatility-plugins)
- [sqlite](https://github.com/superponible/volatility-plugins)
- [Trustrecords](https://github.com/superponible/volatility-plugins)
- [ssdeepscan](https://github.com/superponible/volatility-plugins)
- [malfinddeep](https://github.com/superponible/volatility-plugins)
- [apihooksdeep](https://github.com/superponible/volatility-plugins)
- [RAMSCAN](https://github.com/TazWake/volatility-plugins)
- [CMDCHECK](https://github.com/TazWake/volatility-plugins)
- [Fast VAD Scan](https://github.com/TazWake/volatility-plugins)
- [Path Check](https://github.com/TazWake/volatility-plugins)
- [Triagecheck](https://github.com/TazWake/volatility-plugins)
- [AutoRuns](https://github.com/tomchop/volatility-autoruns)
- [Bitlocker](https://github.com/tribalchicken/volatility-bitlocker)
- [Linux - Inodes](https://github.com/forensicxlab/volatility3_plugins)
## MemProcFS extensions
- [MemProcFS-Analyzer](https://github.com/evild3ad/MemProcFS-Analyzer)
## Analysis Tools
- [VolWeb - Volatility 3 frontend](https://github.com/k1nd0ne/VolWeb)
- [Orochi - The Volatility Collaborative GUI](https://github.com/LDO-CERT/orochi)
- [Volatility Workbench](https://www.osforensics.com/tools/volatility-workbench.html)
- [memOptix - Jupyter notebook](https://github.com/blueteam0ps/memOptix)
- [Auto_vol - Automated basic Volatility tasks](https://github.com/Zeecka/Auto_vol) - Extracts BitLocker/LUKS keys and mounts the disk image
- [AutoVolatility](https://github.com/carlospolop/autoVolatility)
- [VolatilityBot](https://github.com/mkorman90/VolatilityBot)
- [Calamity](https://github.com/Hestat/calamity)
- [memtriage](https://github.com/gleeda/memtriage)
- [AutoTimeliner](https://github.com/andreafortuna/autotimeliner)
## Analysis Methods
- [Power Up Memory Forensics with Memory Baseliner](https://www.sans.org/blog/power-up-memory-forensics-with-memory-baseliner/)
- [Automating Memory Analysis with AChoirX, Volatility, and LOKI](http://www.musectech.com/2022/04/automating-memory-analysis-with-achoirx.html)
- [VMware Memory Analysis with MemProcFS](https://blog.ecapuano.com/p/vmware-memory-analysis-with-memprocfs)
- [Comae Memory and Network Analysis: Beginning an Incident Investigation](https://www.magnetforensics.com/blog/comae-memory-and-network-analysis-beginning-an-incident-investigation/)
## Analysis of Artifacts
- [Volatility3: Modern Windows Hibernation file analysis](https://www.forensicxlab.com/posts/hibernation/)
## Papers
- [2019 - Characteristics and detectability of Windows auto-start extensibility points in memory forensics](https://www.sciencedirect.com/science/article/pii/S1742287619300362)
- [2018 - Deepmem: Learning graph neural network models for fast and robust memory forensic analysis](https://dl.acm.org/doi/pdf/10.1145/3243734.3243813)
- [2018 - Experimental analysis of web browser sessions using live forensics method](https://faiz.dosen.ittelkom-pwt.ac.id/wp-content/uploads/sites/79/2018/11/Experimental-Analysis-of-Web-Browser-Sessions-Using-Live-Forensics-Method-fix.pdf)
- [2017 - Web browser forensics: google chrome](https://www.researchgate.net/profile/Digvijaysinh-Rathod-2/publication/321534636_WEB_BROWSER_FORENSICS_GOOGLE_CHROME/links/5a26cd99aca2727dd8839621/WEB-BROWSER-FORENSICS-GOOGLE-CHROME.pdf)
- [2017 - Scanning memory with Yara](https://www.sciencedirect.com/science/article/pii/S1742287617300592)
## Courses
- [Digital Forensics Lab & Shared Cyber Forensic Intelligence Repository](https://github.com/frankwxu/digital-forensics-lab)
- [Digital Forensics Course Texas Tech University](https://github.com/asiamina/A-Course-on-Digital-Forensics)
## CTFs
- [Anomalies in Windows Memory](https://blog.cyber5w.com/anomalies-hunting-in-windows-memory-dump)
- [A memory dump](https://github.com/SecurityNik/CTF) | [Write Up](https://www.securitynik.com/2024/03/total-recall-2024-memory-forensics-self.html)
- [MemLabs - 7 challenges](https://github.com/stuxnet999/MemLabs)
## Memory image dataset