
Rekall is an advanced forensic and incident response framework. While it began life purely as a memory forensic framework, it has since evolved into a complete platform. Rekall implements the most advanced analysis techniques in the field, while still being developed in the open under a free and open source license. Many of the innovations implemented within Rekall have been published in peer reviewed papers. Rekall provides an end-to-end solution for incident responders and forensic analysts, from state of the art acquisition tools to the most advanced open source memory analysis framework.

Rekall at a glance

Alpha: Rekall Agent

Rekall Agent is a complete endpoint incident response and forensic tool. The Rekall Agent extends Rekall's advanced capabilities to a scalable, distributed environment. The Rekall Agent is easy to deploy and scale, being based on modern cloud technologies. With enterprise grade access control and auditing features built in, the Rekall Agent is suitable for deployment in small to large scale enterprises to provide unprecedented visibility of endpoint security, and collection and preservation of volatile endpoint evidence. Rekall Agent can be downloaded from GitHub.

Rekall's approach to memory analysis is unique: Rekall leverages exact debugging information provided by the operating system vendors to precisely locate significant kernel data structures. While other tools rely on heuristics and signatures, Rekall aims to be the most stable and reliable memory analysis framework. Rekall maintains the largest public profile repository, covering many operating system versions.
Announcements
Release 1.7.1
Posted Nov 5, 2017, 10:17 PM by Mike Cohen

We are happy to announce the release of Rekall 1.7.1 Hurricane Ridge. This release brings full Python 3 support, and Python 2.7 support is deprecated but should still work. This release also brings a lot of improvements to EFilter and support for more recent Linux versions.
OSDFCon 2017
Posted Oct 17, 2017, 10:56 AM by Mike Cohen

I just gave a brief introduction to the Rekall Agent at the Open Source Digital Forensic Conference 2017. Check out the slides here.
DFRWS Workshop
Posted Aug 8, 2017, 11:22 PM by Mike Cohen

Our DFRWS 2017 workshop is coming together over the next few days. Watch this space: http://dfrws2017.rekall-forensic.com/

Just as a reminder: if you would like to use the shared Rekall Agent server, please forward me your gmail email address at mic@rekall-forensic.com so I can add you to the ACLs.
Digital Forensics Research Workshop 2017
Posted Jul 31, 2017, 4:50 AM by Mike Cohen

We will be at DFRWS 2017 in Austin launching the brand new Rekall Agent! Please join our workshop if you are in town. If you plan on attending, please watch this space for any last minute announcements and preparation material.