Rekall
An open-source memory forensic framework for extracting and analyzing digital artifacts from Windows, Linux, and OSX memory images.
What is Rekall?
Rekall is an open-source memory forensic framework used for extracting and analyzing digital artifacts from computer memory images. It helps incident responders and forensic investigators examine system state during security incidents by analyzing memory dumps from Windows, Linux, and OSX systems. The framework provides both memory acquisition tools and analysis capabilities in a single Python-based toolkit.
Digital forensic investigators, incident response teams, and security researchers who need to analyze memory images during security investigations. It's particularly valuable for those working with Windows, Linux, or OSX systems in enterprise environments.
Rekall offers a complete, open-source solution for memory forensics with better modularity and performance than its predecessor. Its library-based design allows integration with other security tools, and it includes built-in memory acquisition capabilities across multiple operating systems.
Overview
Rekall Memory Forensic Framework
Use Cases
Best For
- Analyzing memory dumps during incident response investigations
Related Projects
Found a gem we're missing?
Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.
