extracting-memory-artifacts-with-rekall
Community: Uncover memory artifacts with Rekall analysis.
Author: YukiIto1999
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
Rekall memory forensics enables rapid identification of indicators of compromise in memory dumps, including process hollowing, injected code via VAD anomalies, hidden processes, and rootkit activity.
Core Features & Use Cases
- Analyze memory dumps with Rekall to surface hollowed or injected code, VAD anomalies, hidden processes, and suspicious artifacts.
- Correlate findings with process lists, network activity, and kernel artifacts to build incident context.
- Real-world use case: malware analysts quickly triage a memory image from a machine suspected of compromise to identify rootkits and code injections.
Quick Start
Analyze a memory image with Rekall to uncover process hollowing, injected code, and hidden artifacts.
Dependency Matrix
Required Modules
rekall
Components
scripts, references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: extracting-memory-artifacts-with-rekall Download link: https://github.com/YukiIto1999/ctf-sleuth/archive/main.zip#extracting-memory-artifacts-with-rekall Please download this .zip file, extract it, and install it in the .claude/skills/ directory.