rekall

memory analysis and incident response framework

Install

All systems
curl cmd.cat/rekall.sh
Debian Debian
apt-get install rekall-core
Ubuntu
apt-get install rekall-core
image/svg+xml Kali Linux
apt-get install rekall-core
Fedora
dnf install rekall
Windows (WSL2)
sudo apt-get update sudo apt-get install rekall-core
Raspbian
apt-get install rekall-core

rekall-core

memory analysis and incident response framework

The Rekall Framework is a completely open collection of tools for the extraction and analysis of digital artifacts computer systems. Rekall supports investigations of the following 32bit and 64bit memory images: - Microsoft Windows XP Service Pack 2 and 3 - Microsoft Windows 7 Service Pack 0 and 1 - Microsoft Windows 8 and 8.1 - Microsoft Windows 10 - Linux Kernels 2.6.24 to 4.4. - OSX 10.7-10.12.x. Rekall also provides a complete memory sample acquisition capability for all major operating systems.

rekall

A KDE database front-end application