From 890744d5ce246ad50999a184475c2bf7f5a5ce15 Mon Sep 17 00:00:00 2001 From: rshipp Date: Fri, 8 May 2015 22:41:41 -0600 Subject: [PATCH] Add memory forensics section --- README.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/README.md b/README.md index c815181..1741d0f 100644 --- a/README.md +++ b/README.md @@ -11,6 +11,7 @@ A curated list of awesome malware analysis tools and resources. Inspired by - [Malware Corpora](#malware-corpora) - [Detection and Classification](#detection-and-classification) - [Online Scanners and Sandboxes](#online-scanners-and-sandboxes) + - [Memory Forensics](#memory-forensics) - [Miscellaneous](#miscellaneous) - [Resources](#resources) - [Books](#books) @@ -60,6 +61,17 @@ A curated list of awesome malware analysis tools and resources. Inspired by * [VirusTotal](https://www.virustotal.com/) - Free online analysis of malware samples and URLs +## Memory Forensics + +* [FindAES](https://jessekornblum.livejournal.com/269749.html) - Find AES + encryption keys in memory. +* [Rekall](http://www.rekall-forensic.com/) - Memory analysis framework, + forked from Volatility in 2013. +* [TotalRecall](https://github.com/sketchymoose/TotalRecall) - Script based + on Volatility for automating various malware analysis tasks. +* [Volatility](https://github.com/volatilityfoundation/volatility) - Advanced + memory forensics framework. + ## Miscellaneous * [REMnux](https://remnux.org/) - Linux distribution and docker images for
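Review bot: in the first hunk the new table-of-contents entry `  - [Memory Forensics](#memory-forensics)` is placed between "Online Scanners and Sandboxes" and "Miscellaneous", which matches where the `## Memory Forensics` heading lands in the body and keeps the existing two-space indentation of the sibling entries; since this level of the list is ordered by body position rather than alphabetically, it would help future contributors to state that convention somewhere in the README so later additions do not drift out of sync with the section order.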
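Review bot: in the second hunk the Rekall entry links to a plain-http URL (`http://www.rekall-forensic.com/`) while every other link in this hunk is https; if the site is served over TLS, prefer the https form so readers are not directed to download forensic tooling over an unauthenticated connection. The FindAES entry points at a personal blog post (`jessekornblum.livejournal.com`) rather than a project repository or release page, which is the link most likely to rot; consider the canonical project location if one exists. The four new descriptions consistently end with a period, but the VirusTotal line just above ("Free online analysis of malware samples and URLs") does not, so either style is defensible as long as the list settles on one.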