Talk With an Expert

Rekall Cheat Sheet

Rekall Cheat Sheet (PDF, 0.43MB)Published: 19 May, 2021
Created by:
SANS Institute
SANS Institute

The Rekall Memory Forensic Framework is a collection of memory acquisition and analysis tools implemented in Python under the GNU General Public License. This cheatsheet provides a quick reference for memory analysis operations in Rekall, covering acquisition, live memory analysis and parsing plugins used in the 6-Step Investigative Process. For more information on this tool, visit rekall-forensic.com.

Author

SANS Institute
SANS Institute

SANS Institute

Launched in 1989 as a cooperative for information security thought leadership, it is SANS’ ongoing mission to empower cyber security professionals with the practical skills and knowledge they need to make our world a safer place.

Read more about SANS Institute