ForensicsWiki will continue to operate as it has before and will not be shutting down. Thank you for your continued support of ForensicsWiki.
The following tools can be used to conduct memory analysis.
Memory Analysis Frameworks
- Volatility Framework - A complete framework for analyzing Windows, Linux and Mac OSX memory images.
- WindowsSCOPE Pro, Ultimate - Comprehensive toolkit for the capture and analysis of Windows physical and virtual memory targeting cyber analysis, forensics/incident response, and education. Software and hardware based acquisition with CaptureGUARD PCIe and ExpressCard.
- WindowsSCOPE Live live fetch and analysis of Windows computers on a network from Android smartphones and tablets.
- Second Look from Raytheon Pikewerks Corporation - provides Linux memory forensics, including acquisition and analysis.
Browser Email Memory Tool
- pdgmail is a python script to extract gmail artifacts from memory images. Made for images extracted with pdd, but works with any memory image.