hayabusa VS MemLabs

Compare hayabusa vs MemLabs and see what are their differences.


Hayabusa (้šผ) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs. (by Yamato-Security)


Educational, CTF-styled labs for individuals interested in Memory Forensics (by stuxnet999)
InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
hayabusa MemLabs
7 6
1,982 1,520
3.7% -
9.7 2.6
about 3 hours ago about 3 years ago
Rust Shell
GNU General Public License v3.0 only MIT License
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.


Posts with mentions or reviews of MemLabs. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-07-16.
  • Platform for training digital forensics
    1 project | /r/digitalforensics | 21 Apr 2023
  • MemLabs: Learn Memory Forensics through CTF-styled labs
    1 project | /r/netsec | 31 Aug 2022
  • Best site for memory forensic test
    1 project | /r/computerforensics | 24 Jul 2022
    MemLabs https://github.com/stuxnet999/MemLabs
  • New to Forensics, Drop some Forensics tools/training content
    5 projects | /r/computerforensics | 16 Jul 2022
  • forensics volatility
    1 project | dev.to | 27 Jun 2022
    Volatility Foundation Volatility Framework 2.6 Usage: Volatility - A memory forensics analysis platform. Options: -h, --help list all available options and their default values. Default values may be set in the configuration file (/etc/volatilityrc) --conf-file=/root/.volatilityrc User based configuration file -d, --debug Debug volatility --plugins=PLUGINS Additional plugin directories to use (colon separated) --info Print information about all registered objects --cache-directory=/root/.cache/volatility Directory where cache files are stored --cache Use caching --tz=TZ Sets the (Olson) timezone for displaying timestamps using pytz (if installed) or tzset -f FILENAME, --filename=FILENAME Filename to use when opening an image --profile=WinXPSP2x86 Name of the profile to load (use --info to see a list of supported profiles) -l LOCATION, --location=LOCATION A URN location from which to load an address space -w, --write Enable write support --dtb=DTB DTB Address --shift=SHIFT Mac KASLR shift address --output=text Output in this format (support is module specific, see the Module Output Options below) --output-file=OUTPUT_FILE Write output in this file -v, --verbose Verbose information --physical_shift=PHYSICAL_SHIFT Linux kernel physical shift address --virtual_shift=VIRTUAL_SHIFT Linux kernel virtual shift address -g KDBG, --kdbg=KDBG Specify a KDBG virtual address (Note: for 64-bit Windows 8 and above this is the address of KdCopyDataBlock) ... LABS SET UP This scenario will be using MemLabs cloned from https://github.com/stuxnet999/MemLabs. The labs contain the CTF memory images as referenced earlier.
  • I saw my definition of a worst case scenario today, all because the client didn't want to spend a little bit of money a couple years ago.
    1 project | /r/sysadmin | 22 Apr 2021
    I think your best bet to start today is to start looking at self-education options (all over youtube, reddit, google) and start shopping for jobs that either have big training budgets or are at a service provider/vendor that offers IR and try to move laterally within it. You'd be surprised by what you get from just shooting your shot. You could consider some really basic certs like Sec + (avoid CEH like the plague unless you're gov't.) or Blue Team Level 1. I like to watch guys like 13cubed, or the surviving digital forensics podcasts and courses. Also just stay aware of infosec news from sources like brian krebs or cyberwire daily. Some other things to think about are ashemery.com/dfir.html and https://github.com/stuxnet999/MemLabs for some good exercises. Don't feel bad for using walkthroughs your first few times. SANS 3 minutes max is also great for quick topics in DFIR

What are some alternatives?

When comparing hayabusa and MemLabs you can also consider the following projects:

WELA - WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ใ‚‘็พ…๏ผˆใ‚ฆใ‚งใƒฉ๏ผ‰

MemProcFS-Analyzer - MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR

hayabusa-rules - Curated Windows event log Sigma rules used in Hayabusa and Velociraptor.

mal_unpack - Dynamic unpacker based on PE-sieve

chainsaw - Rapidly Search and Hunt through Windows Forensic Artefacts

Kuiper - Digital Forensics Investigation Platform

sigma-essentials - Everything you need for the #grindset

CaptfEncoder - Captfencoder is opensource a rapid cross platform network security tool suite, providing network security related code conversion, classical cryptography, cryptography, asymmetric encryption, miscellaneous tools, and aggregating all kinds of online tools.

krapslog-rs - Visualize logs in your terminal: โ–‚โ–ƒโ–ƒโ–ƒโ–ƒโ–ƒโ–…โ–…โ–…โ–…โ–ƒโ–ƒโ–…โ–…โ–†โ–‡

my-arsenal-of-aws-security-tools - List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

FunctionStomping - Shellcode injection technique. Given as C++ header, standalone Rust program or library.

robot_hacking_manual - Robot Hacking Manual (RHM). From robotics to cybersecurity. Papers, notes and writeups from a journey into robot cybersecurity.