memflow

memflow is a live memory introspection framework with a modular architecture.

It provides multiple connectors that can be used to access physical memory:

  • qemu: access QEMU physical memory
  • kvm
  • pcileech: access pcileech interface
  • coredump: access Microsoft Windows Coredump files

Requirements

  • memflow connector project setup
  • root privileges
  • Platform: Windows/Linux

Initialization parameters

  • memflow_connector_name: required
  • memflow_connector_args: optional
  • vm_name: optional; used if memflow_connector_name=qemu