Linux Memory Analysis
Linux Memory Analysis Tools
- Second Look from Pikewerks Corporation - This tool can perform analysis of live local and remote memory sources, as well as stored snapshots of memory (physical memory images or hibernate images). It can be used to detect rootkits and other kernel-hooking malware, as well as obtain forensic information about the state of the system. It has reverse engineering capabilities, including built-in disassembly and hexadecimal data views, and the capability of modifying target memory.
- The Forensic Analysis Toolkit (FATKit) is a cross-platform, modular, and extensible digital investigation framework for analyzing volatile system memory.
- The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples.
- foriana is a tool for extracting some information (process list, module list, ...) from a RAM image. Because it relies on logical relations between OS structures, its detection works on multiple operating systems. Released under the GNU GPL.
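As an added illustration of what "logical relations between OS structures" means in practice, the following example carves a process list out of a memory image without knowing where the kernel's list head is. This is example code written for this page, not foriana's or Volatility's code, and the record layout (a 16-byte name followed by next/prev pointers), the base virtual address and the image contents are all constructed here for the demonstration; the real Linux task_struct is far larger and its offsets vary per build. The relation used is mutual pointer consistency: a candidate record is accepted when the record its next pointer names points back to it with prev, and vice versa. A record that still points at valid neighbours but is no longer pointed back at is reported as unlinked, which is what a process hidden by list manipulation looks like in memory.

```python
import struct

# Constructed toy layout (NOT the real Linux task_struct): 32-byte records.
#   0..16  comm  (NUL-padded process name)
#   16..24 next  (virtual address of the next record in the list)
#   24..32 prev  (virtual address of the previous record)
REC_SIZE = 32
COMM_OFF, NEXT_OFF, PREV_OFF = 0, 16, 24
BASE = 0xFFFF880000000000  # assumed virtual address of image offset 0
PTR = struct.Struct("<Q")


def build_image(names, hidden=()):
    """Construct a toy RAM image holding a circular doubly linked task list.
    Names in `hidden` keep their record in memory but are unlinked from the
    list: their own next/prev still point at the former neighbours, while the
    neighbours no longer point back at them."""
    image = bytearray(64)  # leading filler
    addr = {n: BASE + 64 + i * REC_SIZE for i, n in enumerate(names)}
    linked = [n for n in names if n not in hidden]
    for name in names:
        ring = names if name in hidden else linked  # hidden: pre-unlink view
        j = ring.index(name)
        nxt, prv = ring[(j + 1) % len(ring)], ring[(j - 1) % len(ring)]
        image += name.encode().ljust(16, b"\0") + PTR.pack(addr[nxt]) + PTR.pack(addr[prv])
    image += bytes(64)  # trailing filler
    return bytes(image)


def in_image(va, image):
    """True when a virtual address lands on a whole record inside the image."""
    return 0 <= va - BASE <= len(image) - REC_SIZE


def read_rec(image, off):
    comm = image[off + COMM_OFF:off + COMM_OFF + 16].split(b"\0", 1)[0]
    nxt = PTR.unpack_from(image, off + NEXT_OFF)[0]
    prv = PTR.unpack_from(image, off + PREV_OFF)[0]
    return comm, nxt, prv


def plausible_comm(comm):
    """Non-empty, NUL-terminated, printable ASCII name."""
    return 0 < len(comm) < 16 and all(0x20 < b < 0x7F for b in comm)


def carve_tasks(image):
    """Scan every 8-byte-aligned offset for task records.
    Pass 1 collects candidates whose name and both pointers are plausible.
    Pass 2 keeps a candidate as 'linked' when next->prev and prev->next both
    point back at it. Candidates whose neighbours are linked records that do
    not reference them are reported as 'unlinked' (hidden)."""
    candidates = {}
    for off in range(0, len(image) - REC_SIZE + 1, 8):
        comm, nxt, prv = read_rec(image, off)
        if plausible_comm(comm) and in_image(nxt, image) and in_image(prv, image):
            candidates[BASE + off] = (comm.decode(), nxt, prv)
    linked = {}
    for me, (comm, nxt, prv) in candidates.items():
        back_from_next = read_rec(image, nxt - BASE)[2]
        back_from_prev = read_rec(image, prv - BASE)[1]
        if back_from_next == me and back_from_prev == me:
            linked[me] = comm
    unlinked = {me: comm for me, (comm, nxt, prv) in candidates.items()
                if me not in linked and nxt in linked and prv in linked}
    return linked, unlinked


def walk_list(image, start):
    """Follow next pointers from `start` the way a live `ps` would."""
    names, cur = [], start
    while True:
        comm, nxt, _ = read_rec(image, cur - BASE)
        names.append(comm.decode())
        cur = nxt
        if cur == start or len(names) > 10000:
            return names


if __name__ == "__main__":
    img = build_image(["init", "sshd", "rootkitd", "bash"], hidden=("rootkitd",))
    linked, unlinked = carve_tasks(img)
    print("list walk :", walk_list(img, min(linked)))
    print("carved    :", sorted(linked.values()))
    print("unlinked  :", sorted(unlinked.values()))
```

The list walk shows only init, sshd and bash, exactly what the kernel's own accounting would report, while the relation-based scan additionally surfaces rootkitd because its bytes and outgoing pointers are still intact. The same idea is why a scanner that only depends on how structures refer to each other can be carried across kernel versions and, with a different record description, across operating systems; a real implementation adds more relations (a pointer to a valid mm or credential structure, a sane PID range) to keep false positives down on a full-size image.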