[How To] Forensic Memory Acquisition in Linux - LiME


This week we will be using LiME to acquire a memory image from a suspect Linux system. LiME is a loadable kernel module that needs to be compiled for the specific architecture of the suspect device. We show the basics of compiling it, and how to load the kernel object to copy a RAW memory image.
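The compile-and-load procedure described above, as an added example that is not code from the original post or from the LiME project. The function names, the `./LiME/src` source directory and the `/mnt/evidence` output path are assumptions; `path=` and `format=` (`raw`, `padded`, `lime`) are LiME's own module parameters.

```shell
# Added example (not from the original post or the LiME project).
# Assumed: LiME source dir and an output path on external evidence media.

# Name LiME's Makefile gives the module built for a kernel release.
lime_module_name() {
    printf 'lime-%s.ko\n' "$1"
}

# Build the insmod parameter string; reject formats LiME does not support.
lime_params() {
    local out="$1" fmt="${2:-raw}"
    case "$fmt" in
        raw|padded|lime) ;;
        *) echo "unsupported format: $fmt" >&2; return 1 ;;
    esac
    case "$out" in
        /*|tcp:*) ;;
        *) echo "path must be absolute or tcp:<port>" >&2; return 1 ;;
    esac
    printf 'path=%s format=%s\n' "$out" "$fmt"
}

# A module loads only if its vermagic release matches the running kernel.
module_matches_kernel() {
    local ko="$1" krel="$2" vermagic
    vermagic=$(modinfo -F vermagic "$ko") || return 1
    [ "${vermagic%% *}" = "$krel" ]
}

# Compile if needed, load the module to dump memory, unload, hash the image.
acquire() {
    local src="$1" out="$2" krel ko params
    krel=$(uname -r)
    ko="$src/$(lime_module_name "$krel")"
    params=$(lime_params "$out" raw) || return 1
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
    [ -f "$ko" ] || make -C "$src" || return 1
    module_matches_kernel "$ko" "$krel" || { echo "vermagic mismatch" >&2; return 1; }
    insmod "$ko" "$params" || return 1   # image is written during module init
    rmmod lime
    case "$out" in /*) sha256sum "$out" ;; esac   # hash for the case notes
}

# Usage (as root): acquire ./LiME/src /mnt/evidence/mem.raw
```

Building on the suspect machine writes to its disk and memory, so where possible compile the module on a separate host with the same kernel release and bring only the `.ko` across.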

