LiMEaide: remotely dump RAM of a Linux client
Simplify Linux digital forensics!
LiMEaide is a Python application developed by Daryl Bennett that can remotely dump the RAM of a Linux client.
It can also create a Volatility profile for later analysis.
To use LiMEaide, all you need to do is feed it a remote Linux client's IP address, sit back, and consume your favorite caffeinated beverage.
How does it work?
- Make a remote connection with the specified client over SSH
- Transfer necessary build files to the remote machine
- Build the memory scraping Loadable Kernel Module (LKM) LiME
- LKM will dump RAM
- Transfer RAM dump and RAM maps back to host
- Build a Volatility profile
Installation
In order to use LiMEaide you need to resolve some dependencies.
paramiko and termcolor
sudo apt-get install python3-paramiko python3-termcolor
dwarfdump
sudo apt-get install dwarfdump
LiME
- Download LiME v1.7.8
- Extract into LiMEaide/tools/
- Rename folder to LiME
More information and downloads
https://github.com/kd8bny/LiMEaide