LiME – Linux Memory Extractor

Find your website's Achilles' Heel

LiMe is a Loadable Kernel Module (LKM) Linux memory extractor which allows for volatile memory acquisition from Linux and Linux-based devices, such as Android. This makes LiME unique as it is the first tool that allows for full memory captures on Android devices. It also minimizes its interaction between user and kernel space processes during acquisition, which allows it to produce memory captures that are more forensically sound than those of other tools designed for Linux memory acquisition.

LiME - Linux Memory Extractor


  • Full Android memory acquisition
  • Acquisition over network interface
  • Minimal process footprint


Detailed documentation on LiME’s usage and internals can be found in the “doc” directory of the project. LiME utilizes the insmod command to load the module, passing required arguments for its execution.


In this example we use adb to load LiME and then start it with acquisition performed over the network:

Now on the host machine, we can establish the connection and acquire memory using netcat

Acquiring to sdcard

You can download LiMe v1.7.2 here:

Or read more here.

Posted in: Forensics, Hacking Tools

, , , , , , ,

Recent in Forensics:
- CuckooDroid – Automated Android Malware Analysis
- Cuckoo Sandbox – Automated Malware Analysis System
- Web Application Log Forensics After a Hack

Related Posts:

Most Read in Forensics:
- NetworkMiner – Passive Sniffer & Packet Analysis Tool for Windows - 66,555 views
- raw2vmdk – Mount Raw Hard Disk (dd) Images As VMDK Virtual Disks - 34,714 views
- OpenDLP – Free & Open-Source Data Loss Prevention (DLP) Tool - 30,779 views

Comments are closed.