
How to Acquire Linux Volatile Memory with LiME

LiME ~ Linux Memory Extractor

From the 504ensicsLabs GitHub page:
"A Loadable Kernel Module (LKM) which allows for volatile memory acquisition from Linux and Linux-based devices, such as Android. This makes LiME unique as it is the first tool that allows for full memory captures on Android devices. It also minimizes its interaction between user and kernel space processes during acquisition, which allows it to produce memory captures that are more forensically sound than those of other tools designed for Linux memory acquisition."
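A LiME capture is not a flat image: each contiguous physical range is written as a 32-byte header (magic 0x4C694D45, version 1, inclusive start and end physical address, 8 reserved bytes) followed by that range's bytes, and gaps between ranges are not stored. As an added example, not code from the original post or from the LiME project, the Python below parses that format over a constructed two-segment image and translates a physical address back into a file offset, which is the first thing an analysis framework such as Rekall or Volatility has to do with the dump; the `build_segment` helper and `SAMPLE_IMAGE` are constructed for the demonstration.

```python
import struct
from typing import List, Tuple

LIME_MAGIC = 0x4C694D45           # "LiME"; stored little-endian, so a file starts with b"EMiL"
LIME_VERSION = 1
HEADER = struct.Struct("<IIQQ8s")  # magic, version, s_addr, e_addr, reserved -> 32 bytes

Segment = Tuple[int, int, int]     # (start_paddr, end_paddr inclusive, payload file offset)

def parse_lime(data: bytes) -> List[Segment]:
    """Walk a LiME image and return one (s_addr, e_addr, payload_offset) per segment.

    Each segment is a 32-byte header followed by exactly (e_addr - s_addr + 1) bytes.
    Raises ValueError on bad magic/version, an inverted range or a truncated segment,
    so a dump that was cut short (full disk, unplugged device) is noticed, not trusted.
    """
    segments: List[Segment] = []
    off = 0
    while off < len(data):
        if off + HEADER.size > len(data):
            raise ValueError(f"truncated header at offset {off}")
        magic, version, s_addr, e_addr, _ = HEADER.unpack_from(data, off)
        if magic != LIME_MAGIC:
            raise ValueError(f"bad magic 0x{magic:08x} at offset {off}")
        if version != LIME_VERSION:
            raise ValueError(f"unsupported LiME version {version}")
        if e_addr < s_addr:
            raise ValueError(f"inverted range at offset {off}")
        length = e_addr - s_addr + 1
        payload_off = off + HEADER.size
        if payload_off + length > len(data):
            raise ValueError(f"segment 0x{s_addr:x} truncated: needs {length} bytes")
        segments.append((s_addr, e_addr, payload_off))
        off = payload_off + length
    return segments

def read_physical(data: bytes, segments: List[Segment], paddr: int, size: int) -> bytes:
    """Return up to `size` bytes at physical address `paddr`; b"" if paddr lies in a gap."""
    for s_addr, e_addr, payload_off in segments:
        if s_addr <= paddr <= e_addr:
            size = min(size, e_addr - paddr + 1)      # do not read past the segment
            start = payload_off + (paddr - s_addr)
            return data[start:start + size]
    return b""

def build_segment(s_addr: int, payload: bytes) -> bytes:
    """Constructed helper for the demo (not LiME's code): emit one LiME segment."""
    return HEADER.pack(LIME_MAGIC, LIME_VERSION, s_addr, s_addr + len(payload) - 1, b"\0" * 8) + payload

# Constructed image: 0x1000-0x10ff and 0x100000-0x10000f with an unstored gap between them.
SAMPLE_IMAGE = build_segment(0x1000, bytes(range(256))) + build_segment(0x100000, b"LINUXKERNELDATA!")

if __name__ == "__main__":
    for s, e, o in parse_lime(SAMPLE_IMAGE):
        print(f"phys 0x{s:x}-0x{e:x} ({e - s + 1} bytes) at file offset {o}")
```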

Installing Rekall in Ubuntu 20.04

So, taking notes from the Rekall Forensic website:

What is Rekall?

"Rekall is an advanced forensic and incident response framework. While it began life purely as a memory forensic framework, it has now evolved into a complete platform.  Rekall implements the most advanced analysis techniques in the field, while still being developed in the open, with a free and open source license. Many of the innovations implemented within Rekall have been published in peer reviewed papers.

Rekall provides an end-to-end solution to incident responders and forensic analysts. From state of the art acquisition tools, to the most advanced open source memory analysis framework. Rekall at a glance."

In short, Rekall is much like Volatility, which you can get from here. Now let's get started on how to install Rekall on Ubuntu 20.04.