All software tools are released under GNU/GPL licenses. Closed-source versions for commercial purposes are available; please contact the authors at reverseame (at) unizar (dot) es.

dumd-mixer: Dump Module Mixer (dumd-mixer) is a Python script to generate a module from the same module extracted from a collection of memory dumps.
Source code (GNU/GPL v3 license).
pagedmem: Volatility plugin to obtain the number of memory pages paged per module (exe or dll) and per driver from a Windows memory dump.
Source code (GNU/GPL v3 license).
sigcheck & sigvalidator: sigcheck is a Volatility plugin to validate Authenticode-signed processes, either with an embedded signature or catalog-signed. sigvalidator is a Python module to verify signatures of PE files.
Source code (GNU/GPL v3 license).
More information in the paper.
malscan: Volatility plugin to detect malicious code using ClamAV.
Source code (GNU/AGPL v3 license).
More information in this post.
winesap: Volatility plugin to analyze the registry-based Windows ASEPs in a memory dump.
Source code (GNU/AGPL v3 license).
More information in the paper.
processfuzzyhash: Volatility plugin to calculate and compare fuzzy hashes of Windows processes.
Source code (GNU/AGPL v3 license).
More information in the paper.
pinVMShield: Pin-based tool to protect a sandbox application against common anti-virtual-machine and anti-sandbox detection techniques.
Source code (GNU/GPL v3 license).
More information in the paper.