LiME – Linux Memory Extractor

Outsmart Malicious Hackers


LiMe is a Loadable Kernel Module (LKM) Linux memory extractor which allows for volatile memory acquisition from Linux and Linux-based devices, such as Android. This makes LiME unique as it is the first tool that allows for full memory captures on Android devices. It also minimizes its interaction between user and kernel space processes during acquisition, which allows it to produce memory captures that are more forensically sound than those of other tools designed for Linux memory acquisition.

LiME - Linux Memory Extractor

Features

  • Full Android memory acquisition
  • Acquisition over network interface
  • Minimal process footprint

Usage

Detailed documentation on LiME’s usage and internals can be found in the “doc” directory of the project. LiME utilizes the insmod command to load the module, passing required arguments for its execution.


Examples

In this example we use adb to load LiME and then start it with acquisition performed over the network:

Now on the host machine, we can establish the connection and acquire memory using netcat

Acquiring to sdcard

You can download LiMe v1.7.2 here:

LiMe-v1.7.2.zip

Or read more here.


Posted in: Forensics, Hacking Tools

, , , , , , ,

Recent in Forensics:
- Volatility Framework – Advanced Memory Forensics Framework
- CuckooDroid – Automated Android Malware Analysis
- Cuckoo Sandbox – Automated Malware Analysis System

Related Posts:

Most Read in Forensics:
- NetworkMiner – Passive Sniffer & Packet Analysis Tool for Windows - 66,611 views
- raw2vmdk – Mount Raw Hard Disk (dd) Images As VMDK Virtual Disks - 34,868 views
- OpenDLP – Free & Open-Source Data Loss Prevention (DLP) Tool - 31,597 views


Comments are closed.