ECFS is an extension to the existing ELF core file format in Linux. Its job is to intercept the Linux core-dump handler, catch the core-dump before it is written to disk, and carefully reconstruct it into an ecfs-core file. An ecfs-core file is backwards compatible with regular core files but has been extended in such a way that they boast prolific amounts of data useful for process forensics analysis. An ecfs-file is not limited to just ELF program headers, but also contains many section headers as well as fully reconstructed relocation and symbol tables that reflect the state of code and data in runtime. ecfs-core files are also extremely straight forward to parse, moreso when using the complementary libecfs C library (Python bindings are a work in progress).
more here............https://github.com/elfmaster/ecfs
more here............https://github.com/elfmaster/ecfs