Rekall

Rekall is a powerful memory forensics framework that turns raw RAM captures—or live system state—into structured artifacts investigators can query and script. It ships with a large collection of plugins that parse OS internals to recover processes, modules, sockets, registry hives, and file objects, even when rootkits try to hide them. The design emphasizes repeatability: investigators run well-defined analyses that produce timelines, indicators, and reports suitable for case work or automation. Rekall supports profile-free operation for many targets, reducing setup friction and making it easier to handle varied images in the field. Extensibility is a core theme, with a plugin API and notebook-friendly workflows for custom hunts and triage. Used well, it compresses what would be hours of manual sleuthing into scripted passes over a consistent object model.

Features

Rich plugin set for processes, drivers, sockets, registry, and files
Works with offline memory images and live response modes
Artifact-centric object model for repeatable investigations
Profile-free parsing paths for many operating systems
Scripting and notebook workflows for custom hunts
Reporting and timeline generation for DFIR casework

Project Samples

Project Activity

See All Activity >

License

GNU General Public License version 3.0 (GPLv3)

Follow Rekall

Rekall Web Site

Other Useful Business Software

Our Free Plans just got better! | Auth0

With up to 25k MAUs and unlimited Okta connections, our Free Plan lets you focus on what you do best—building great apps.

You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.

Try free now

Rate This Project

User Reviews

Be the first to post a review of Rekall!

Additional Project Details

Programming Language

Python

Related Categories

Python Frameworks

Registered

2025-10-10

Similar Business Software

Webix

JavaScript UI library and framework for speeding up web development. JS Framework for cross-platform web Apps development 102 UI widgets and feature-rich CSS / HTML5 JavaScript controls. Save at least 3000+ development hours by using ready-made widgets and UI controls. Develop Web UI 30% faster....

See Software
Kendo UI

Kendo UI is the ultimate collection of JavaScript UI components with libraries for jQuery, Angular, React, and Vue. Quickly build eye-catching, high-performance, responsive web applications—regardless of your JavaScript framework choice. Easily add advanced JavaScript components into your...

See Software
Ionic

The Ionic Platform allows you to bring your apps to market faster with an integrated app platform built on the leading cross-platform mobile SDK. Build, secure, and deliver new mobile apps—and transform existing ones—across iOS, Android, and Web platforms from a single codebase. Full...

See Software
Nitric

Nitric is an open source, cloud-agnostic backend framework that enables developers to declare infrastructure as code and automate deployments using pluggable plugins. It supports multiple languages, including JavaScript, TypeScript, Python, Go, and Dart. Key features include defining APIs (REST,...

See Software
ent

An entity framework for Go. Simple, yet powerful ORM for modeling and querying data. Simple API for modeling any database schema as Go objects. Run queries, and aggregations and traverse any graph structure easily. 100% statically typed and explicit API using code generation. The latest version...

See Software
Aurelia

Aurelia's standards-based, unobtrusive style makes it the only framework that empowers you to build components using vanilla JavaScript or TypeScript. If you know modern JS and HTML, there's little more to learn to build even the most complex apps. At the core of Aurelia is a high-performance,...

See Software