基于Memprocfs和Volatility的可视化内存取证工具

Windows symbol tables for Volatility 3

Project containing several tools/ scripts to recover the OpenSSH session keys used to encrypt/ decrypt SSH traffic.

Volatility3 Linux profiles

Volatility, on Docker 🐳

Generate Volatility3 profiles from BTF.

PyDFIRRam is a Python library leveraging Volatility 3 to simplify and enhance memory forensics. It streamlines the research, parsing, and analysis of memory dumps, allowing users to focus on data rather than commands.

Skalle is a handy add-on for Volatility that lets you run it in a graphical user interface. It also adds some cool features!

This project is for DFIR that wants to speed up some memory forensic analysis

Linux BPF plugins for Volatility3

A suite of Volatility 3 plugins for memory forensics of Docker containers

Volatility 3 plugins to extract a module as complete as possible

My Linux profiles built for Volatility 2/3

Linux symbols creation tool for Volatility3

Volatility 3 plugin for extracting BitLocker Full Volume Encryption Keys (FVEK)

Volatility-CheatSheet

Unified Memory Forensics MCP Server - Multi-tier engine combining Rust speed with Vol3 coverage.

Container to use the dwarf2json tool to generate Linux Profiles based on CentOS7 for Volatility3.

This project is a detailed technical report and practical guide covering the methodologies and tools used for Volatile Memory (RAM) Forensics on Linux operating systems. It is structured to provide both foundational knowledge and a step-by-step procedure for conducting a forensic investigation in a digital security context.

GLASS (Global Language And Site Scanner) is a Volatility plugin designed by Clayton Wenzel, James Baumhardt, and Nathan Eberly, aiming to swiftly identify and classify malicious domains and unexpected languages within a memory dump, providing users with dynamic insights for forensic investigations.