From fc56a63e0362e08fa271372cc60c4fd83e0621df Mon Sep 17 00:00:00 2001 From: Sarkis Nanyan Date: Wed, 22 Jul 2020 18:40:34 +0300 Subject: [PATCH 1/2] add AVML memory acquisition tool --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 978d117..fc32b45 100644 --- a/README.md +++ b/README.md @@ -138,6 +138,7 @@ Digital Forensics and Incident Response (DFIR) teams are groups of people in an * [inVtero.net](https://github.com/ShaneK2/inVtero.net) - Advanced memory analysis for Windows x64 with nested hypervisor support. * [KnTList](http://www.gmgsystemsinc.com/knttools/) - Computer memory analysis tools. * [LiME](https://github.com/504ensicsLabs/LiME) - Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, formerly called DMD. +* [AVML](https://github.com/microsoft/avml) - A portable volatile memory acquisition tool for Linux. * [MalConfScan](https://github.com/JPCERTCC/MalConfScan) - MalConfScan is a Volatility plugin extracts configuration data of known malware. Volatility is an open-source memory forensics framework for incident response and malware analysis. This tool searches for malware in memory images and dumps configuration data. In addition, this tool has a function to list strings to which malicious code refers. * [Memoryze](https://www.fireeye.com/services/freeware/memoryze.html) - Free memory forensic software that helps incident responders find evil in live memory. Memoryze can acquire and/or analyze memory images, and on live systems, can include the paging file in its analysis. * [Memoryze for Mac](https://www.fireeye.com/services/freeware/memoryze-for-the-mac.html) - Memoryze for Mac is Memoryze but then for Macs. A lower number of features, however. From 820b78c0d61e83a678410ab8eb811c18455fcac0 Mon Sep 17 00:00:00 2001 
From: Sarkis Nanyan Date: Thu, 23 Jul 2020 12:26:38 +0300 Subject: [PATCH 2/2] fix order; --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index fc32b45..58e200a 100644 --- a/README.md +++ b/README.md @@ -134,11 +134,11 @@ Digital Forensics and Incident Response (DFIR) teams are groups of people in an ### Memory Analysis Tools +* [AVML](https://github.com/microsoft/avml) - A portable volatile memory acquisition tool for Linux. * [Evolve](https://github.com/JamesHabben/evolve) - Web interface for the Volatility Memory Forensics Framework. * [inVtero.net](https://github.com/ShaneK2/inVtero.net) - Advanced memory analysis for Windows x64 with nested hypervisor support. * [KnTList](http://www.gmgsystemsinc.com/knttools/) - Computer memory analysis tools. * [LiME](https://github.com/504ensicsLabs/LiME) - Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, formerly called DMD. -* [AVML](https://github.com/microsoft/avml) - A portable volatile memory acquisition tool for Linux. * [MalConfScan](https://github.com/JPCERTCC/MalConfScan) - MalConfScan is a Volatility plugin extracts configuration data of known malware. Volatility is an open-source memory forensics framework for incident response and malware analysis. This tool searches for malware in memory images and dumps configuration data. In addition, this tool has a function to list strings to which malicious code refers. * [Memoryze](https://www.fireeye.com/services/freeware/memoryze.html) - Free memory forensic software that helps incident responders find evil in live memory. Memoryze can acquire and/or analyze memory images, and on live systems, can include the paging file in its analysis. * [Memoryze for Mac](https://www.fireeye.com/services/freeware/memoryze-for-the-mac.html) - Memoryze for Mac is Memoryze but then for Macs. A lower number of features, however.
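Review bot: in the first hunk the added `* [AVML](https://github.com/microsoft/avml) - ...` line is placed after LiME, but the surrounding Memory Analysis Tools entries (Evolve, inVtero.net, KnTList, LiME, MalConfScan, Memoryze) are kept in alphabetical order, so AVML belongs at the head of the list, before Evolve. The entry itself already follows the list's `* [Name](URL) - Description.` convention, so only its position needs to move.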
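Review bot: the second hunk only relocates the line introduced by the first, so the two commits should be squashed into one before merge; otherwise the history carries an intermediate README state with the list out of order. The message `fix order;` also has a stray trailing semicolon and does not say which entry was moved; something like `Add AVML to Memory Analysis Tools (alphabetical)` would describe the combined change. With the move, AVML sits before Evolve and the list is alphabetical again.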