gwen001 / offsectools_www

A vast collection of security tools and resources curated by the community.
https://offsec.tools
176 stars, 23 forks

[addtool] rekall #1613

Status: Open. gwen001 opened this issue 4 months ago.

gwen001 commented 4 months ago

[tags]framework,memory,forensic[/tags] [short_descr]Rekall Memory Forensic Framework.[/short_descr] [link] https://github.com/google/rekall [/link] [long_descr] Rekall has introduced many improvements to memory analysis methodology over the years.

The Rekall framework allowed for only limited modularization, due to the interdependent nature of in-memory structures and early architectural decisions.

Increasing RAM sizes and security measures like memory encryption are making traditional physical memory analysis more cumbersome.

Physical memory analysis is fragile and maintenance-heavy. Most physical memory analysis tools are basically kernel debuggers without access to the source and debug symbols. Most memory analysis can therefore be a costly process of debugging / reverse engineering and of keeping debug symbols / structure definitions up to date. [/long_descr] [image] https://raw.githubusercontent.com/gwen001/offsectools_www/main/tmp/ea59afe2b887bbe36dbfe983d016e807.png [/image]
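The description above says that memory-analysis tools stand or fall on their structure definitions (Rekall calls them profiles). The following Python is an added illustration of that dependency, not Rekall code and not taken from the project: it fabricates a tiny "memory image" containing a linked list of hypothetical process blocks, defines two made-up profiles whose field offsets differ by one inserted field, and walks the list with each. The layouts, field names and sample processes are all invented for the example; the point is that a stale profile does not crash, it silently returns wrong or truncated results, which is why a sanity check on the decoded output is worth having.

```python
"""Constructed illustration of why memory forensics depends on up-to-date
structure definitions (profiles). Not Rekall code: a toy process block,
two hypothetical profiles, and a parser that walks a linked list in a
fabricated memory image. Nothing here is a real OS layout."""
import struct
from dataclasses import dataclass

# Hypothetical profiles: field -> (offset, struct format). The "v2" build
# inserted a 4-byte 'flags' field before the name, shifting later offsets.
PROFILE_V1 = {"pid": (0x00, "<I"), "name": (0x04, "16s"), "next": (0x14, "<I")}
PROFILE_V2 = {"pid": (0x00, "<I"), "flags": (0x04, "<I"),
              "name": (0x08, "16s"), "next": (0x18, "<I")}
BLOCK_SIZE = 0x20  # both layouts fit in 32 bytes

# Constructed sample data: (pid, image name) pairs, not from any real capture.
SAMPLE_PROCS = [(4, "System"), (624, "lsass.exe"), (1337, "notepad.exe")]


@dataclass
class Process:
    pid: int
    name: str
    next: int


def build_image(layout, procs):
    """Lay out process blocks back-to-back in a bytearray starting at offset 0,
    linking each block to the following one via 'next' (0 terminates the list)."""
    img = bytearray(BLOCK_SIZE * len(procs))
    for i, (pid, name) in enumerate(procs):
        base = i * BLOCK_SIZE
        nxt = base + BLOCK_SIZE if i + 1 < len(procs) else 0
        fields = {"pid": pid, "name": name.encode().ljust(16, b"\0"), "next": nxt}
        if "flags" in layout:
            fields["flags"] = 0
        for field, (off, fmt) in layout.items():
            struct.pack_into(fmt, img, base + off, fields[field])
    return bytes(img)


def read_field(img, base, profile, field):
    """Decode one field of the block at 'base' using the profile's offset/format."""
    off, fmt = profile[field]
    return struct.unpack_from(fmt, img, base + off)[0]


def walk_process_list(img, profile, head=0, limit=64):
    """Follow 'next' pointers from 'head', decoding each block with 'profile'.
    Stops on a null pointer, an out-of-range pointer, a revisited block, or 'limit'
    entries, so a bad profile cannot send the walk into an endless loop."""
    seen, out, base = set(), [], head
    while base not in seen and 0 <= base <= len(img) - BLOCK_SIZE and len(out) < limit:
        seen.add(base)
        raw_name = read_field(img, base, profile, "name")
        name = raw_name.split(b"\0", 1)[0].decode("latin-1")
        out.append(Process(read_field(img, base, profile, "pid"), name,
                           read_field(img, base, profile, "next")))
        base = out[-1].next
        if base == 0:
            break
    return out


def profile_looks_right(img, profile):
    """Cheap sanity check: a plausible profile recovers a list whose entries all
    have non-empty printable names. A stale profile typically fails this."""
    procs = walk_process_list(img, profile)
    return bool(procs) and all(p.name and p.name.isprintable() for p in procs)


if __name__ == "__main__":
    image = build_image(PROFILE_V2, SAMPLE_PROCS)  # image from the "v2" kernel build
    for label, prof in (("v2 (correct)", PROFILE_V2), ("v1 (stale)", PROFILE_V1)):
        print(label, "sane:", profile_looks_right(image, prof))
        for p in walk_process_list(image, prof):
            print(f"  pid={p.pid} name={p.name!r} next={p.next:#x}")
```

Against the constructed image, the matching profile recovers all three processes, while the stale one reads the inserted flags field as the start of the name (so every name decodes as empty) and reads part of the name as the next pointer, ending the walk after a single entry. That silent truncation is the practical failure mode the description warns about, and the sanity check is the kind of guard to run before trusting a listing from an unverified profile.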

gwen001 commented 4 months ago

Issue correctly handled, tool is waiting for human validation.