Volatility 3
Advanced memory forensics framework for extracting artifacts from RAM dumps across OS versions.
Why it is included
Open standard for incident response and malware analysis training.
Best for
IR retainers and malware courses on images you legally hold.
Strengths
- Plugin API
- Symbol tables
- Active Volatility Foundation
Limitations
- Requires deep OS-internals knowledge (steep learning curve)
Good alternatives
Rekall (legacy) · Commercial IR suites
Related tools
Security & Privacy
Ghidra
NSA-released reverse engineering suite: decompiler, disassembler, scripting, and collaboration features.
Security & Privacy
YARA
Pattern matching for malware researchers—rules over files, memory, and streams in IR pipelines.
Security & Privacy
Wireshark
Network protocol analyzer for deep packet inspection and forensic debugging.
Security & Privacy
TheHive
Security incident response platform: cases, tasks, observables, MISP sync, and timeline collaboration.
Security & Privacy
DFIR-IRIS
Collaborative incident response platform: cases, timelines, evidence, tasks, and integrations with MISP, VT, and webhooks.
Security & Privacy
IntelOwl
Analyze files, IPs, domains, and URLs in one request by fanning out to many free and threat-intelligence analyzers (YARA, PE, DNS, etc.).