GET YOUR VULNERABILITY AND THREAT DATABASE SUBSCRIPTION
EKOLABS 2016


Tools

Published on November 25th, 2015 | by NJ Ouchn

0

Rekall The Memory Forensic Framework

The Rekall Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independent of the system being investigated but offer visibilty into the runtime state of the system. The framework is intended to introduce people to the techniques and complexities associated with extracting digital artifacts from volatile memory samples and provide a platform for further work into this exciting area of research.

Rekall supports investigations of the following x86 bit memory images:

  • Microsoft Windows XP Service Pack 2 and 3
  • Microsoft Windows 7 Service Pack 0 and 1
  • Linux Kernels 2.6.24 to 3.10.
  • OSX 10.6-10.8.

Tags: , ,


About the Author

“Passion is needed for any great work, and for the revolution, passion and audacity are required in big doses”



Leave a Reply

Your email address will not be published. Required fields are marked *

Back to Top ↑