Skip to content

Penetration Testing Tools

Search for:

Home
Data Forensics
Ethical Hacking
Mobile Hacking
Network Attacks
Vulnerability Assessment
Web AppSec
OSINT
Code Assessment
Malware Offense
IoT
Cryptography
Arsenal Lab
Hardware/Embedded
Malware Defense
Network Defense
Reverse Engineering
Smart Grid/Industrial Security

Home
Data Forensics
Ethical Hacking
Mobile Hacking
Network Attacks
Vulnerability Assessment
Web AppSec
OSINT
Code Assessment
Malware Offense
IoT
Cryptography
Arsenal Lab
Hardware/Embedded
Malware Defense
Network Defense
Reverse Engineering
Smart Grid/Industrial Security

Search for:

Penetration Testing Tools

Data Forensics / Malware Defense

MemProcFS Analyzer: Automated Forensic Analysis of Windows Memory Dumps

by ddos · January 11, 2025

MemProcFS Analyzer

MemProcFS-Analyzer.ps1 is a PowerShell script utilized to simplify the usage of MemProcFS and to assist with the analysis workflow.

Features:

Auto-Install of MemProcFS, EvtxECmd, Elasticsearch, Kibana
Auto-Update of MemProcFS, EvtxECmd (incl. Maps), Elasticsearch, Kibana, ClamAV Virus Databases (CVD)

Update-Info when there’s a new version of ClamAV or a new Redistributable packaged Dokany Library Bundle available
Multi-Threaded scan w/ ClamAV for Windows
Extracting IPv4/IPv6

IP2ASN Mapping w/ Team Cymru
Checking for Unusual Parent-Child Relationships
Extracting Windows Event Log Files and processing w/ EvtxECmd → Timeline Explorer (EZTools by Eric Zimmerman)

Collecting Evidence Files (Secure Archive Container → PW: MemProcFS)

Usage

Launch Windows PowerShell ISE or Visual Studio Code (PSVersion: 5.1) as Administrator and open/run MemProcFS-Analyzer.ps1.

Fig 1: Select your Raw Physical Memory Dump

Fig 2: MemProcFS-Analyzer checks for dependencies (First Run)

Fig 3: Accept Terms of Use (First Run)

Fig 4: Multi-Threaded ClamAV Scan

Fig 5: Processing Windows Event Logs (EVTX)

Fig 6: ELK Import

Fig 7: Happy ELK Hunting!

Fig 8: ClamAV Scan found 29 infected file(s)

Fig 9: Press OK to shutdown MemProcFS and Elastisearch/Kibana

Fig 10: Secure Archive Container (PW: MemProcFS)

Download

Copyright (C) 2021 evild3ad

Share

Tags: Forensic Analysis

Follow:

Next story legba: multiprotocol credentials bruteforcer / password sprayer and enumerator
Previous story bore: modern, simple TCP tunnel in Rust

Search

MAKE THE WEBSITE ONLINE

Popular Posts
Tags

Malware Analysis / Reverse Engineering

sharem: ultimate Windows shellcode tool

February 10, 2025
Data Forensics

APT-Hunter: Threat Hunting tool for windows event logs

January 12, 2025
Vulnerability Assessment

xmap: performing Internet-wide IPv6 & IPv4 network research scanning

January 12, 2025
Data Forensics

forensictools: A toolkit designed for digital forensics

January 13, 2025
Ethical Hacking

Pentest Muse: Revolutionizing Penetration Testing with AI Automation

January 13, 2025

5G Amazon AMD Android Apple ARM Artificial intelligence Asus ChatGPT chrome Dell facebook Firefox Github google Google Chrome Huawei India Intel Lenovo LG Linux Linux Kernel MediaTek Meta Micron Microsoft microsoft edge Mozilla MSI Nvidia OpenAI Qualcomm Samsung SK Hynix Sony TSMC twitter ubuntu windows Windows 7 Windows 10 Windows 10X Windows 11 Xbox

Reward

Brilliantly

SAFE!

meterpreter.org

Content & Links

Verified by Sur.ly

2022

Home
About Us
Contact Us
DMCA NOTICE
Privacy Policy

Penetration Testing Tools © 2025. All Rights Reserved.

x