Memory Analysis for #Linux has always been a bit hit-or-miss. Trail of Bits has released a tool called #mquire that doesn't require debug symbols for the originating Kernel.

It also uses SQL-based queries to perform analysis, similar to #OSquery.

https://blog.trailofbits.com/2026/02/25/mquire-linux-memory-forensics-without-external-dependencies/

#MemoryForensics #IncidentResponse #DFIR #DigitalForensics