Reverse Engineering Malware & Investigation Forensic Toolkit


REMnux (Reverse Engineering Malware Linux): a Linux toolkit for malware analysis.

SIFT (SANS Investigation Forensic Toolkit): a workstation for forensic analysis.

Three ways to install:

1) VM (OVA format)

2a) Packages: the entire distro

2b) Add to an existing system (e.g. add to a SIFT Workstation): the host operating system should be Ubuntu, e.g. 20.04

3) Containers: Docker image
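A pre-flight check that turns the three install modes into a decision, as an added example (not the REMnux or SIFT projects' own code): it reads the host's os-release, applies the Ubuntu 20.04 requirement for adding REMnux onto an existing host such as SIFT, and otherwise falls back to the Docker image (if docker is on PATH) or the OVA VM. The sample os-release contents are constructed; the mode names `addto`, `container` and `vm` are this script's own labels.

```shell
#!/bin/sh
# Pre-flight check before picking a REMnux install mode (added example, not from
# the REMnux or SIFT projects). Rule applied: adding REMnux onto an existing host
# (e.g. a SIFT box) expects an Ubuntu 20.04 host; otherwise use the Docker image
# if docker is present, or import the OVA into a hypervisor.

# os_field CONTENT KEY: print the value of KEY from os-release style CONTENT.
os_field() {
  printf '%s\n' "$1" | sed -n "s/^$2=//p" | tr -d '"'
}

# recommend_mode CONTENT HAS_DOCKER(yes|no): print addto, container or vm.
recommend_mode() {
  id=$(os_field "$1" ID)
  ver=$(os_field "$1" VERSION_ID)
  if [ "$id" = "ubuntu" ] && [ "$ver" = "20.04" ]; then
    echo addto        # REMnux can be added onto this host (e.g. a SIFT box)
  elif [ "$2" = "yes" ]; then
    echo container    # unsupported host, but Docker can run the REMnux image
  else
    echo vm           # import the OVA into a hypervisor instead
  fi
}

# has_docker: print yes if a docker binary is on PATH, else no.
has_docker() {
  if command -v docker >/dev/null 2>&1; then echo yes; else echo no; fi
}

# host_mode: apply the check to the machine this script runs on.
host_mode() {
  recommend_mode "$(cat /etc/os-release 2>/dev/null)" "$(has_docker)"
}

# Constructed sample os-release contents (not captured from real hosts).
SAMPLE_UBUNTU='NAME="Ubuntu"
ID=ubuntu
VERSION_ID="20.04"'
SAMPLE_DEBIAN='NAME="Debian GNU/Linux"
ID=debian
VERSION_ID="12"'

echo "sample Ubuntu 20.04, no docker: $(recommend_mode "$SAMPLE_UBUNTU" no)"   # addto
echo "sample Debian 12, docker:       $(recommend_mode "$SAMPLE_DEBIAN" yes)"  # container
echo "this host:                      $(host_mode)"
```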

Since REMnux is aimed at malware analysis (i.e. post-incident work), it can be combined with tools specific to forensics, like SIFT.


SIFT was developed by SANS: SIFT Workstation | SANS Institute

SIFT can run on Ubuntu 20.04.

SIFT can run in WSL, and REMnux can be added to it accordingly: Adding SIFT and REMnux to your Windows Forensics environment – Baker Street Forensics