LiME: dump RAM

tux_compWhile there are many memory dump tools available on Linux, LiME uses an approach closer to the kernel that can be extended to other platforms (like Android) those use the Linux kernel. LiME is a highly useful forensic data analysis tool. LiME runs as a loadable kernel module (just a regular .ko file) which can capture volatile memory data. Being a kernel module it reduces the entropy generated due to userspace and kernel space interaction more than any userspace tool. LiME is the first tool than can capture memory from Android. It can work in two modes to capture memory: over the network (TCP) or to any storage (like SD Card). To use LiME on Android cross-compiling it might be required depending on the target hardware architecture.

LiME documentation

Webpage: LiME

Leave a Reply

Your email address will not be published. Required fields are marked *