Proof of concept memory anti-forensic toolkit designed for hiding various artifacts inside the memory dump during memory acquisition on Microsoft Windows operating system

aelth/dementia-forensics

Dementia

Dementia is a proof-of-concept memory anti-forensic toolkit designed for hiding various artifacts inside the memory dump during memory acquisition on the Microsoft Windows operating system.

It works by exploiting memory acquisition tools and hiding operating system artifacts (e.g. processes, threads, etc.) from analysis applications such as Volatility, Memoryze and others. Because of flaws in some of the memory acquisition tools, Dementia can also hide operating system objects from the analysis tools entirely from user mode.

For further details about Dementia, check the 29c3 presentation (PPT or video below).

Watch the video

Feel free to contact me for additional help, suggestions, criticisms, and bug reports by posting an issue or by sending an e-mail directly.
