Forensics

From Jeremy Bryan Smith
Revision as of 21:49, 12 September 2015 by Jeremy

Linux

Tools to extract entire system RAM to a file

  • LiME (Linux Memory Extractor)
    A Loadable Kernel Module (LKM) that allows volatile memory acquisition from Linux and Linux-based devices, such as Android. This makes LiME unique, as it is the first tool that allows full memory captures on Android devices. It also minimizes interaction between user-space and kernel-space processes during acquisition, which allows it to produce memory captures that are more forensically sound than those of other tools designed for Linux memory acquisition.
    • Works as a kernel module
    • Compiles on Linux and Android