libforensic1394
Description:
Live memory forensics over IEEE 1394 (\
Type: Formula  |  Tracked Since: Dec 28, 2025
Links: Homepage  |  formulae.brew.sh
Category: Security
Tags: forensics security memory-analysis firewire dma
Install: brew install libforensic1394
About:
Libforensic1394 is a specialized C library designed for conducting live memory forensics on remote systems via the IEEE 1394 (FireWire) interface. It provides a robust API for reading and writing physical memory, enabling security professionals to acquire volatile data from target machines without detection. Its main value proposition is facilitating stealthy and reliable memory acquisition for incident response and digital investigations.
Key Features:
  • Cross-platform support (Linux, macOS, Windows)
  • Low-level memory read/write access via FireWire
  • Stealthy operation, often bypassing OS security controls
  • Simple C API for integration into custom forensic tools
Use Cases:
  • Live memory acquisition for incident response and malware analysis
  • Bypassing locked screens or authentication on a local machine
  • Kernel-level debugging and research
Alternatives:
  • inception – inception is a similar tool focused on FireWire DMA attacks, often used for off-the-shelf memory manipulation, whereas libforensic1394 provides a library for building custom forensic tools.
  • WinPmem – WinPmem is a Windows-specific tool for memory acquisition, typically run directly on the target OS, whereas libforensic1394 operates externally via hardware.