Rekall

Rekall is a powerful memory forensics framework that turns raw RAM captures—or live system state—into structured artifacts investigators can query and script. It ships with a large collection of plugins that parse OS internals to recover processes, modules, sockets, registry hives, and file objects, even when rootkits try to hide them. The design emphasizes repeatability: investigators run well-defined analyses that produce timelines, indicators, and reports suitable for case work or automation. Rekall supports profile-free operation for many targets, reducing setup friction and making it easier to handle varied images in the field. Extensibility is a core theme, with a plugin API and notebook-friendly workflows for custom hunts and triage. Used well, it compresses what would be hours of manual sleuthing into scripted passes over a consistent object model.

Features

Rich plugin set for processes, drivers, sockets, registry, and files
Works with offline memory images and live response modes
Artifact-centric object model for repeatable investigations
Profile-free parsing paths for many operating systems
Scripting and notebook workflows for custom hunts
Reporting and timeline generation for DFIR casework

Project Samples

Project Activity

See All Activity >

License

GNU General Public License version 3.0 (GPLv3)

Follow Rekall

Rekall Web Site

Other Useful Business Software

Build Securely on Azure with Proven Frameworks

Lay a foundation for success with Tested Reference Architectures developed by Fortinet’s experts. Learn more in this white paper.

Moving to the cloud brings new challenges. How can you manage a larger attack surface while ensuring great network performance? Turn to Fortinet’s Tested Reference Architectures, blueprints for designing and securing cloud environments built by cybersecurity experts. Learn more and explore use cases in this white paper.

Download Now

Rate This Project

User Reviews

Be the first to post a review of Rekall!

Additional Project Details

Programming Language

Python

Related Categories

Python Frameworks

Registered

2025-10-10

Similar Business Software

Webix

JavaScript UI library and framework for speeding up web development. JS Framework for cross-platform web Apps development 102 UI widgets and feature-rich CSS / HTML5 JavaScript controls. Save at least 3000+ development hours by using ready-made widgets and UI controls. Develop Web UI 30% faster....

See Software
Kendo UI

Kendo UI is the ultimate collection of JavaScript UI components with libraries for jQuery, Angular, React, and Vue. Quickly build eye-catching, high-performance, responsive web applications—regardless of your JavaScript framework choice. Easily add advanced JavaScript components into your...

See Software
Nitric

Nitric is an open source, cloud-agnostic backend framework that enables developers to declare infrastructure as code and automate deployments using pluggable plugins. It supports multiple languages, including JavaScript, TypeScript, Python, Go, and Dart. Key features include defining APIs (REST,...

See Software
ent

An entity framework for Go. Simple, yet powerful ORM for modeling and querying data. Simple API for modeling any database schema as Go objects. Run queries, and aggregations and traverse any graph structure easily. 100% statically typed and explicit API using code generation. The latest version...

See Software
Aurelia

Aurelia's standards-based, unobtrusive style makes it the only framework that empowers you to build components using vanilla JavaScript or TypeScript. If you know modern JS and HTML, there's little more to learn to build even the most complex apps. At the core of Aurelia is a high-performance,...

See Software
getcss

getcss - An intuitive CSS framework. Create responsive web apps with getcss. It's simple, easy to use, free, and open source. Features: * Accelerate your development - Write less, get more * Zero dependencies * Latest technologies - Supports latest browsers, HTML5, CSS3 * Easy to learn,...

See Software