Most hackers use remote access Trojans (RATs) and they almost always use the RunPE method. This method generates a legitimate process executable (PE) file, so this is often the default browser or Microsoft system process, and replaces it with malicious code directly in memory. This allows the computer to process malicious code as a legitimate process. As soon as this happens, your antivirus program does not know that your browser is effectively turned into a virus by default.

DRS (Data Recovery System) is a real-time data recovery tool that helps you recover data from both good and damaged media. Included in the DRS:

This article discusses the latest version of Woodpile. Its starting point is a logarchive, which it will make for you, or you could examine one brought over from another Mac, or possibly an iOS device. It analyses data on the logs which have been gathered over the last three months or so (macOS), so that you can select one of the processes which has made significant numbers of log entries in that period.

Rekall Framework is a completely open set of tools that works on any platform that supports Python. It supports the research of the following 32-bit and 64-bit memory images. Rekall also provides a complete memory sampling capability for all major operating systems. In addition, Rekall has a complete graphical interface for writing reports and analysis of driving.