We can remember it for you wholesale!


What is Rekall?

Rekall is an advanced forensic and incident response framework. While it began life purely as a memory forensic framework, it has since evolved into a complete platform. Rekall implements the most advanced analysis techniques in the field, while still being developed in the open under a free and open source license. Many of the innovations implemented within Rekall have been published in peer-reviewed papers.

Rekall provides an end-to-end solution for incident responders and forensic analysts, from state-of-the-art acquisition tools to the most advanced open source memory analysis framework.

Alpha: Rekall Agent

Rekall Agent is a complete endpoint incident response and forensic tool. The Rekall Agent extends Rekall's advanced capabilities to a scalable, distributed environment. Built on modern cloud technologies, the Rekall Agent is easy to deploy and scale. With enterprise-grade access control and auditing features built in, the Rekall Agent is suitable for deployment in small to large enterprises, providing unprecedented visibility into endpoint security along with collection and preservation of volatile endpoint evidence. Rekall Agent can be downloaded from GitHub.


Memory Analysis

Rekall's approach to memory analysis is unique: Rekall leverages the exact debugging information provided by operating system vendors to precisely locate significant kernel data structures. While other tools rely on heuristics and signatures, Rekall aims to be the most stable and reliable memory analysis framework.

Rekall maintains the largest public profile repository for many operating system versions.