Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a race condition in memory acquisition. This condition may lead to competition when sharing...

Bringing Forensic Readiness to Modern Computer Firmware

Today's computer systems come with a pre-installed tiny operating system, which is also known as UEFI. UEFI has slowly displaced the former legacy PC-BIOS while the main task has not changed: It is responsible for booting the actual operating system. However, features like the network stack make ...

WinPmem 安全漏洞

WinPmem is an open source physical memory acquisition tool from Velocidex. A security vulnerability exists in WinPmem version 4.1 and earlier versions that stems from improper validation of input...

Linpmem - A Physical Memory Acquisition Tool For Linux

Like its Windows counterpart, Winpmem, this is not a traditional memory dumper. Linpmem offers an API for reading from any physical address, including reserved memory and memory holes , but it can also be used for normal memory dumping. Furthermore, the driver offers a variety of access modes to...

WinPmem - The Multi-Platform Memory Acquisition Tool

The WinPmem memory acquisition driver and userspace WinPmem has been the default open source memory acquisition driver for windows for a long time. It used to live in the Rekall project, but has recently been separated into its own repository. Copyright This code was originally developed within...

DFIRtriage - Digital Forensic Acquisition Tool For Windows Based Incident Response

DFIRtriage is a tool intended to provide Incident Responders with rapid host data. Written in Python, the code has been compiled to eliminate the dependency of python on the target host. The tool will run a variety of commands automatically upon execution. The acquired data will reside in the roo...

Linux Memory Extractor: LiME

Linux Memory Extractor LiME formerly DMD is A Loadable Kernel Module LKM which allows for volatile memory acquisition from Linux and Linux-based devices, such as Android. This makes LiME unique as it is the first tool that allows for full memory captures on Android devices. It also minimizes its...

LiME - Linux Memory Extractor

A Loadable Kernel Module LKM which allows for volatile memory acquisition from Linux and Linux-based devices, such as Android. This makes LiME unique as it is the first tool that allows for full memory captures on Android devices. It also minimizes its interaction between user and kernel space...

Rekall Memory Forensic Framework

Rekall is an advanced forensic and incident response framework. While it began life purely as a memory forensic framework, it has now evolved into a complete platform. Rekall implements the most advanced analysis techniques in the field, while still being developed in the open, with a free and op...

[Memoryze] Find Evil in Live Memory (Memory Forensic Software)

Mandiant’s Memoryze is free memory forensic software that helps incident responders find evil in live memory. Memoryze can acquire and/or analyze memory images, and on live systems, can include the paging file in its analysis. Mandiant’s Memoryze features: image the full range of system memory no...

[MoonSols] Windows Memory Toolkit

MoonSols Windows Memory Toolkit is a powerful toolkit containing all the utilities needed to perform any kind of memory acquisition or conversion during an incident response, or a forensic analysis for Windows desktops, servers or virtualized environment. The version 2.0 is a refresh and updated...