Differences

This shows you the differences between two versions of the page.

--- soc:theory:memory [2026/06/10 10:01] – created titannet
+++ soc:theory:memory [2026/06/10 10:11] (current) – titannet
@@ Line 29: / Line 29: @@
 ==== Creation ====
-FTK Imager
+  * FTK Imager
-WindowsPmem Win
+  * WindowsPmem Win
-LiME
+  * LiME
 ==== Analysis ====
-Volatility 3 — active, Python3-based memory analysis framework.
+  * Volatility 3 — active, Python3-based memory analysis framework.
-Redline (FireEye) — free analyzer + triage with GUI, timeline and IOC features.
+  * Redline (FireEye) — free analyzer + triage with GUI, timeline and IOC features.
-MemProcFS — mounts a physical memory image as a virtual read-only filesystem.
+  * MemProcFS — mounts a physical memory image as a virtual read-only filesystem.