trolldbois / python-haystack

Process heap analysis framework - Windows/Linux - record type inference and forensics
http://trolldbois.blogspot.com/search?q=python-haystack
GNU General Public License v3.0

Make a Rekall PoC #9

Closed trolldbois closed 8 years ago

trolldbois commented 8 years ago

http://blog.digital-forensics.it/2015/09/rekalling-mimikatz.html

trolldbois commented 8 years ago

https://github.com/google/rekall/blob/master/rekall-core/rekall/plugins/windows/heap_analysis.py

trolldbois commented 8 years ago

Landed in dev: https://github.com/trolldbois/python-haystack/commit/72dc7774bd60f3f6247855e2238d5ee3f3e11acd

trolldbois commented 8 years ago

Pretty much done thanks to new releases.