Linux Memory Analysis
Revision as of 14:02, 24 January 2009 by Andrewtappert
Linux Memory Analysis Tools
- Second Look from Pikewerks Corporation - This tool can perform analysis of live local and remote memory sources, as well as stored snapshots of memory (physical memory images or hibernate images). It can be used to detect rootkits and other kernel-hooking malware, as well as obtain forensic information about the state of the system. It has reverse engineering capabilities, including built-in disassembly and hexadecimal data views, and the capability of modifying target memory.
- The Forensic Analysis Toolkit (FATKit) is a cross-platform, modular, and extensible digital investigation framework for analyzing volatile system memory.
- The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples.