rekall
memory analysis and incident response framework
Install
- All systems
  curl cmd.cat/rekall.sh
- Debian
  apt-get install rekall-core
- Ubuntu
  apt-get install rekall-core
- Kali Linux
  apt-get install rekall-core
- Fedora
  dnf install rekall
- Windows (WSL2)
  sudo apt-get update
  sudo apt-get install rekall-core
- Raspbian
  apt-get install rekall-core
- Dockerfile
  dockerfile.run/rekall
rekall-core
The Rekall Framework is a completely open collection of tools for the extraction and analysis of digital artifacts from computer systems. Rekall supports investigations of the following 32-bit and 64-bit memory images:
- Microsoft Windows XP Service Pack 2 and 3
- Microsoft Windows 7 Service Pack 0 and 1
- Microsoft Windows 8 and 8.1
- Microsoft Windows 10
- Linux Kernels 2.6.24 to 4.4
- OSX 10.7-10.12.x
Rekall also provides a complete memory sample acquisition capability for all major operating systems.