other.plugins Removed hashtest and hashbuild from this repo Jul 19, 2019
test.setups Added test setup descriptions Jul 19, 2019
tools added hint to "what makes it page" Aug 4, 2019 Updated Readme Jul 19, 2019 Added malware description Jul 19, 2019 bugfix regarding pages not belonging to any VAD Sep 25, 2019

This is the online repository for the paper "Windows Memory Forensics: Detecting (un)intentionally hidden injected Code by examining Page Table Entries" by Frank Block and Andreas Dewald ( It contains all material referenced in the paper, including the resulting Rekall plugin:

For any questions (regarding this research ;-) ), don't hesitate to contact
