PCILeech vs Volatility 3
About PCILeech
PCILeech uses PCIe/Thunderbolt/USB3380 hardware to perform Direct Memory Access (DMA) attacks against target computers. It can read and write the physical memory of live systems without requiring any software on the target. Capabilities include dumping full physical memory, patching kernel code in memory (e.g., removing authentication), injecting code into running processes, and extracting encryption keys. PCILeech supports FPGA-based hardware (Screamer, PCIe Squirrel) for high-speed transfers and includes plugins for common attack scenarios such as Windows login bypass, BitLocker key extraction, and macOS FileVault attacks. It is a powerful tool for physical security assessments.
About Volatility 3
Volatility 3 is the next-generation memory forensics framework. It is a completely rewritten version of the Volatility Framework, designed for speed and reliability. It extracts digital artifacts from volatile memory (RAM) samples, enabling investigators to analyze running processes, network connections, registry keys, loaded modules, and more. It supports Windows, Linux, and macOS memory dumps and is the standard tool for memory forensics in digital investigations and incident response.