Getting started

Last updated June 23, 2026

Aether: Advanced Memory Forensics & Threat Hunting

Aether is a high-performance Windows memory forensics and threat hunting engine designed to identify evasive malware patterns, process injection techniques, active implant signatures, and reflectively loaded .NET assemblies within live process memory. Engineered in Zig for optimal execution speed and a minimal memory footprint, Aether uses a multi-layered confidence scoring model to eliminate false positives while exposing sophisticated adversary behaviors.

Core Capabilities

Injection Detection: Identifies advanced process injection mechanics, including process hollowing, Asynchronous Procedure Call (APC) abuse, and thread hijacking.
Behavioral Hunting: Scans live process memory to expose hidden execution threads, unmapped code regions, and anomalous memory protections.
Triage & Analysis: Empowers security analysts to scan active workloads, isolate malicious footprints, and snapshot suspicious memory regions for offline forensic analysis.

Licensing

Aether is open-source software licensed under the GNU General Public License v3.0 (GPLv3).

In this section

Compilation and building CLI Reference