| Dokany |
GitHub Release |
User mode file system library for windows with FUSE Wrapper |
filesystem, disk-forensics |
|
Full only |
| LeechCore.wiki |
Git |
GitHub wiki for LeechCore. |
memory-forensics, documentation |
|
|
| MemProcFS |
GitHub Release |
MemProcFS is an easy and convenient way of viewing physical memory as files in a virtual file system. |
memory-forensics, filesystem |
.dmp, .raw, .vmem, .img |
|
| MemProcFS.wiki |
Git |
GitHub wiki for MemProcFS |
memory-forensics, documentation |
|
|
| Volatility Workbench 2.1 |
HTTP |
Volatility Workbench is a GUI for the Volatility memory analysis framework. |
memory-forensics, gui |
.dmp, .raw, .vmem, .img |
Full only |
| Volatility Workbench 3 |
HTTP |
Volatility Workbench is a GUI for the Volatility memory analysis framework. |
memory-forensics, gui |
.dmp, .raw, .vmem, .img |
Full only |
| minidump |
Python |
Python library to parse Windows minidump file format. |
memory-forensics, windows |
.dmp |
|
| winpmem |
HTTP |
winpmem is a Windows memory acquisition driver. |
memory-forensics, acquisition |
.raw, .aff4 |
|