Memory

pyflag

Author:

Michael Cohen

The tool is an acronym for "Forensic and Log Analysis GUI", written for analysis of various log file types and network traffic analysis but can also be used for forensic analysis of disk images includes support for the Volatility framework http://www2.opensourceforensics.org/node/15 and supports file carving to recover known file types.

Website:

http://www.pyflag.net

Unhide

Memory
Unix

Author:

YJesus

Unhide is a forensic tool to find hidden processes and TCP/UDP ports by rootkits / LKMs or by another hiding technique.

Website:

http://www.security-projects.com/?Unhide

volatility

Author:

AAron Walters

Volatility is an extensible memory forensics tool using python. Volatility comes with a number of standard plugins. The plugins use various techniques to extract artifacts from volatile memory (RAM) samples, these include:
- Running processes
- Open network sockets
- Open network connections
- DLLs loaded for each process
- Open files for each process
Volatility also has support for extracting artificats from Windows Hibernation files and Windows crash dump files.

To view further documentation and follow latest developments visit http://code.google.com/p/volatility/

Website:

https://www.volatilesystems.com/default/volatility

Open Source Digital Forensics

Primary links

Navigation

User login

Memory

pyflag

Unhide

volatility