MemProcFS-Analyzer.ps1 is a PowerShell script utilized to simplify the usage of MemProcFS and to optimize your memory analysis workflow.
5
5
6
-
MemProcFS - The Memory Process File System by [Ulf Frisk](https://twitter.com/ulffrisk)
6
+
MemProcFS - The Memory Process File System by [Ulf Frisk](https://x.com/ulffrisk)
7
7
https://github.com/ufrisk/MemProcFS
8
8
9
9
Features:
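Review bot: the `-`/`+` pair for line 6 only swaps the twitter.com host for x.com, and the old twitter.com URL redirects to x.com today, so this is cosmetic; since the very next line already links https://github.com/ufrisk/MemProcFS, consider crediting the author via the GitHub profile rather than a social-media handle so the README does not need another edit the next time the platform changes its name.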
@@ -21,7 +21,7 @@ Features:
21
21
* Extracting IPv4/IPv6
22
22
* IP2ASN Mapping and GeoIP w/ [IPinfo CLI](https://github.com/ipinfo/cli)→ Get your token for free at [https://ipinfo.io/signup](https://ipinfo.io/signup)
23
23
* Checking for Suspicious Port Numbers
24
-
*[Process Tree](https://github.com/evild3ad/MemProcFS-Analyzer/wiki/Process-Tree) (TreeView) including complete Process Call Chain (Special thanks to [Dominik Schmidt](https://github.com/DaFuqs))
24
+
*[Process Tree](https://github.com/LETHAL-FORENSICS/MemProcFS-Analyzer/wiki/Process-Tree) (TreeView) including complete Process Call Chain (Special thanks to [Dominik Schmidt](https://github.com/DaFuqs))
25
25
* Checking Processes for Unusual Parent-Child Relationships and Number of Instances
26
26
* Checking Processes for Unusual User Context
27
27
* Checking for Process Path Masquerading and Process Name Masquerading (Damerau Levenshtein Distance)
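Review bot: the `*[Process Tree]` bullet on line 24 is missing the space after the asterisk in both the removed and the added version, unlike every neighbouring bullet (`* Checking Processes for Unusual User Context`), so it will not render as a list item; since the line is being touched anyway, change it to `* [Process Tree](https://github.com/LETHAL-FORENSICS/MemProcFS-Analyzer/wiki/Process-Tree) (TreeView) ...`. This hunk also moves only one link from the evild3ad org to LETHAL-FORENSICS; grep the rest of the README, and the "Updater" function referenced in the last hunk header, for remaining evild3ad URLs so the repository move is reflected consistently.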
@@ -37,7 +37,7 @@ Features:
37
37
* Simple Prefetch View (based on Forensic Timeline)
38
38
* Analyzing Auto-Start Extensibility Points (ASEPs) w/ RECmd ([EZTools](https://ericzimmerman.github.io/) by Eric Zimmerman)
39
39
* Analyzing RecentDocs, Office Trusted Document w/ RECmd ([EZTools](https://ericzimmerman.github.io/) by Eric Zimmerman)
40
-
* Analyzing Registry w/ Kroll RECmd Batch File ([Kroll Batch File](https://github.com/EricZimmerman/RECmd/projects/1) by Andrew Rathbun)
40
+
* Analyzing Registry w/ DFIR RECmd Batch File ([DFIR Batch File](https://github.com/EricZimmerman/RECmd/blob/master/BatchExamples/DFIRBatch.md) by Andrew Rathbun)
41
41
* Analyzing Metadata of Recovered Process Modules (experimental)
42
42
* Extracting Windows Shortcut Files (LNK)
43
43
* Hunting Malicious Windows Shortcut Files (LNK)
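Review bot: the replacement on line 40 now links DFIRBatch.md, a markdown document describing the batch file, where the old target was a project board; the bullet still reads "Analyzing Registry w/ DFIR RECmd Batch File", so either state that the link is the batch file's documentation or link the batch file itself next to it, and add a sentence on whether the script's Updater fetches the new DFIR batch file or existing installs must replace the old Kroll batch file by hand.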
@@ -78,7 +78,7 @@ Note: It's recommended to uncomment/disable the "Updater" function after install