An updated fork of @bacanoicua's RAMDumpExplorer project. This program analyzes a RAM dump to search for potentially malicious files. It scans the dump file for specific patterns and uses regular expressions to identify and extract the matched values.

AndrewRathbun/RAMDumpExplorer

 
 

RAMDumpExplorer 🕵️‍♂️💻

RAMDumpExplorer is a C# program that scans a RAM dump file (.raw) generated by a third-party app and searches for specific patterns using regular expressions.

How to Use 🔍

To use RAMDumpExplorer, follow these simple steps:

  1. Generate a RAM dump file using a third-party app.

  2. Download RAMDumpExplorer from the Releases page.

  3. Open a command prompt or terminal and navigate to the folder containing the RAMDumpExplorer executable.

  4. Run the program with the path to the RAM dump file as the only argument in CMD:

    RAMDumpExplorer.exe path/to/ram.raw
    
  5. Wait for the program to finish scanning the file.

  6. The program will output the matched patterns to the console.

Features 🚀

RAMDumpExplorer is designed to search for two specific patterns:

  1. Command prompt history - Searches for the last executed commands in a command prompt window.
  2. Suspicious files - Searches for files that have been recorded in the system's RAM.
  3. DLLs - Searches for DLLs executed with rundll32/regsvr32.
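
The third pattern, sketched as an added example (not RAMDumpExplorer's own code, and written in Python rather than the project's C#): a chunked regex scan that finds rundll32/regsvr32 command lines stored as ASCII or UTF-16LE, including hits that straddle a read boundary. The regular expression, chunk sizes and sample "dump" are assumptions made for illustration.

```python
import io
import re

CHUNK = 1 << 20   # bytes read per pass
OVERLAP = 1024    # carried into the next pass; exceeds the longest match (~552 bytes)

def _lit(text, wide):
    """Regex bytes for a literal; wide=True appends NUL to each byte (UTF-16LE)."""
    nul = rb"\x00" if wide else b""
    return b"".join(re.escape(bytes([b])) + nul for b in text.encode("ascii"))

def _build(wide):
    # Assumed pattern, not taken from RAMDumpExplorer: tool name, optional
    # ".exe", then up to 260 printable characters ending in ".dll".
    nul = rb"\x00" if wide else b""
    tool = b"(?:" + _lit("rundll32", wide) + b"|" + _lit("regsvr32", wide) + b")"
    args = b"(?:[\\x20-\\x7e]" + nul + b"){1,260}?"
    return re.compile(tool + b"(?:" + _lit(".exe", wide) + b")?" + args
                      + _lit(".dll", wide), re.IGNORECASE)

PATTERNS = (("ascii", _build(False)), ("utf-16-le", _build(True)))

def scan(stream, chunk=CHUNK):
    """Yield (offset, encoding, command) for each hit in a binary stream."""
    seen, base, tail = set(), 0, b""
    while True:
        block = stream.read(chunk)
        if not block:
            break
        buf = tail + block
        start = base - len(tail)          # absolute offset of buf[0]
        for enc, rx in PATTERNS:
            for m in rx.finditer(buf):
                off = start + m.start()
                if (off, enc) not in seen:  # hit already reported from the overlap
                    seen.add((off, enc))
                    yield off, enc, m.group().decode(enc)
        base += len(block)
        tail = buf[-OVERLAP:]

def demo():
    # Constructed sample "dump": filler bytes plus two planted command lines.
    ascii_cmd = rb"rundll32.exe C:\Users\Public\sample.dll,Entry"
    wide_cmd = r"regsvr32 /s C:\Temp\demo.DLL".encode("utf-16-le")
    dump = b"\xff" * 4090 + ascii_cmd + b"\x00" * 3000 + wide_cmd + b"\x00" * 500
    return list(scan(io.BytesIO(dump), chunk=4096))

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Windows keeps many command lines in memory as UTF-16LE, so an ASCII-only pattern would miss the second hit in the sample.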

Credits 👨‍💻👩‍💻

Created by Bacanoicua.

Version 📝

1.0
