PE-sieve
BSD-2-Clause · 🔬 Digital Forensics · C++
PE-sieve is a C++-based tool that scans running processes for in-memory anomalies such as process hollowing, code injection, and hooking. It is designed to identify and report suspicious modifications that could indicate malware presence or process tampering. PE-sieve is valuable for memory forensics and incident response, as it helps analysts detect and analyze advanced threats that manipulate process memory.
Details
- Category: 🔬 Digital Forensics
- Language: C++
- Repository: hasherezade/pe-sieve
- License: BSD-2-Clause
- Platforms: 🪟 Windows
More in Digital Forensics
- Volatility 3 (Python): Advanced memory forensics framework. Extracts artifacts from RAM dumps — processes, network connections, registry.
- Autopsy (Java): Digital forensics platform with GUI. Disk image analysis, timeline analysis, keyword search, hash filtering.
- Ghidra (Java): NSA's reverse engineering framework. Disassembly, decompilation, graphing, and scripting for binary analysis.
- Binwalk (Python): Firmware analysis tool. Searches binary images for embedded files, executables, and file systems.
- YARA (C): Pattern matching Swiss knife for malware researchers. Create rules to identify and classify malware samples.
- Velociraptor (Go): Endpoint visibility and collection tool. Hunt for artifacts across thousands of endpoints simultaneously.