Tool | Volatility |
---|---|
URL | https://www.volatilityfoundation.org/ |
Target | Windows, Linux, ... |
Cost | free |
Description | - is the world’s most widely used framework for extracting digital artifacts from volatile memory (RAM) samples. - The extraction techniques are performed completely independent of the system being investigated but offer visibility into the runtime state of the system. - The framework is intended to introduce people to the techniques and complexities associated with extracting digital artifacts from volatile memory samples and provide a platform for further work into this exciting area of research. |
useful for | - Memory analysis |
similar Tools | - Rekall |

Tool | Bulk Extractor |
---|---|
URL | https://github.com/simsong/bulk_extractor (GitHub, development tree) |
Target | Windows, Linux, ... |
Cost | free |
Description | - extracts features such as email addresses, credit card numbers, URLs, and other types of information from digital evidence files - operates on disk images, files or a directory of files and extracts useful information without parsing the file system or file system structures |
useful for | - memory / file analysis |
similar Tools | |

Tool | Redline |
---|---|
URL | https://www.fireeye.com/services/freeware/redline.html |
Target | Windows |
Cost | free |
Description | - Thoroughly audit and collect all running processes and drivers from memory, file-system metadata, registry data, event logs, network information, services, tasks and web history. - Analyze and view imported audit data, including the ability to filter results around a given timeframe using Redline’s Timeline functionality with the TimeWrinkle™ and TimeCrunch™ features. - Streamline memory analysis with a proven workflow for analyzing malware based on relative priority. - Perform Indicators of Compromise (IOC) analysis. Supplied with a set of IOCs, the Redline Portable Agent is automatically configured to gather the data required to perform the IOC analysis and an IOC hit result review. |
useful for | - taking memory images - memory analysis |
similar Tools | |

Tool | Rekall |
---|---|
URL | http://www.rekall-forensic.com/ |
Target | Windows, Linux, ... |
Cost | free |
Description | - strives to be a complete end-to-end memory analysis framework, encapsulating acquisition, analysis, and reporting |
useful for | - Memory analysis |
similar Tools | - Volatility |