Trufflepig Nexus was built by practitioners to make memory forensics
more efficient and more easily accessible to a broader audience.
The Minion does the heavy lifting.
The heart of the software is the so-called “Minion”, an analysis engine that derives artifacts from memory dumps. The other parts of the software are the backend, the frontend and the database. Nexus is a distributed client-server application which can be run on Linux and Windows machines.
It includes custom-built patterns and heuristics which are used to extract artifacts from memory dumps and later display them in the frontend of the software.
For efficiency reasons it is written in C++.
Currently the Minion only supports the analysis of x86-64 Windows memory dumps; however, it will soon be expanded to other operating systems.
The Backend processes the data generated by the Minion, stores it in the Database and exposes an interface to the Frontend. It is implemented in Go.
The Frontend displays the artifacts in a single-page application. It runs in Chromium-based browsers (e.g. Google Chrome, Microsoft Edge) and uses modern web technologies for a good user experience.
The PostgreSQL Database is currently in a rudimentary state but will soon store the artifacts and allow for sorting and filtering.