Top 8 Tools To Search Memory Under Linux / Unix [ Forensics Analysis ]
You can dump the memory of a Linux or Unix server. This is useful for forensic analysis and for testing your own systems. It is often desirable to see:
- What code and what data actually reside in memory.
- The memory of a specific PID.
- Strings and other data in memory, such as passwords.
- Add-on tools for gdb and other debuggers.
- Search/replace/dump memory from running processes and core files.
- All kinds of deep hacking activities that simply save time and solve problems.
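To make the first three items concrete, here is an added example (my own code, not from memgrep, memfetch or any other tool on this page) that does what a memgrep-style string search boils down to on Linux: parse /proc/<pid>/maps for readable regions and read those ranges through /proc/<pid>/mem looking for a byte pattern. The marker string it plants in its own heap is made up for the demo. Reading another process's memory this way needs ptrace permission on that process (same uid with kernel.yama.ptrace_scope=0, or CAP_SYS_PTRACE/root).

```python
"""Search a running process's memory for a byte pattern.

Added example (not code from memgrep, memfetch or any tool on this page).
It walks /proc/<pid>/maps for readable regions and reads them through
/proc/<pid>/mem. Reading another pid needs ptrace permission on it
(same uid with kernel.yama.ptrace_scope=0, or CAP_SYS_PTRACE/root).
"""
import os
import re
from dataclasses import dataclass
from typing import BinaryIO, Iterable, List, Tuple

# One /proc/<pid>/maps line: "start-end perms offset dev inode [path]"
_MAPS_RE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S{4})\s+[0-9a-f]+\s+\S+\s+\d+\s*(.*)$"
)


@dataclass
class Region:
    start: int
    end: int
    perms: str   # e.g. "rw-p"
    path: str    # backing file or pseudo-name such as [heap]; "" if anonymous

    @property
    def readable(self) -> bool:
        return self.perms.startswith("r")


def parse_maps(text: str) -> List[Region]:
    """Parse the text of /proc/<pid>/maps into Region records."""
    regions = []
    for line in text.splitlines():
        m = _MAPS_RE.match(line)
        if m:
            regions.append(Region(int(m.group(1), 16), int(m.group(2), 16),
                                  m.group(3), m.group(4).strip()))
    return regions


def search_regions(mem: BinaryIO, regions: Iterable[Region], pattern: bytes,
                   chunk: int = 1 << 20) -> List[Tuple[int, str]]:
    """Return (address, region path) for every occurrence of pattern.

    Regions are read in chunks; the last len(pattern)-1 bytes of each chunk
    are carried over so a match straddling a chunk boundary is still found.
    """
    hits: List[Tuple[int, str]] = []
    overlap = len(pattern) - 1
    for r in regions:
        # [vvar]/[vsyscall] are mapped but not readable through /proc/<pid>/mem
        if not r.readable or r.path in ("[vvar]", "[vsyscall]"):
            continue
        pos, tail = r.start, b""
        while pos < r.end:
            try:
                mem.seek(pos)
                data = mem.read(min(chunk, r.end - pos))
            except (OSError, ValueError, OverflowError):
                break          # region vanished or is not readable: skip it
            if not data:
                break
            buf, base = tail + data, pos - len(tail)
            idx = buf.find(pattern)
            while idx != -1:
                hits.append((base + idx, r.path))
                idx = buf.find(pattern, idx + 1)
            tail = buf[-overlap:] if overlap else b""
            pos += len(data)
    return hits


def search_process(pid: int, pattern: bytes) -> List[Tuple[int, str]]:
    """Search a live process; pid may be os.getpid() to inspect ourselves."""
    with open(f"/proc/{pid}/maps") as f:
        regions = parse_maps(f.read())
    # buffering=0: seek to arbitrary virtual addresses and get raw reads
    with open(f"/proc/{pid}/mem", "rb", buffering=0) as mem:
        return search_regions(mem, regions, pattern)


if __name__ == "__main__":
    import sys
    # Usage: python3 memsearch.py <pid> <string>; with no arguments, plant a
    # constructed marker in our own heap and prove it can be found.
    if len(sys.argv) == 3:
        pid, pattern = int(sys.argv[1]), sys.argv[2].encode()
    else:
        pid, pattern = os.getpid(), b"MARKER-" + os.urandom(4).hex().encode()
        keep_alive = bytearray(pattern) * 3   # constructed data to be found
    for addr, where in search_process(pid, pattern):
        print(f"{addr:#018x}  {where or '(anon)'}")
```

Run it with no arguments to have it find the marker in its own address space, or as `python3 memsearch.py <pid> <string>` against a process you are allowed to ptrace. search_regions() works over any seekable file plus a region list, so the same function applies to a saved dump as well as a live process.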
LiME (Linux Memory Extractor)
From the project home page: LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. The tool supports acquiring memory either to the file system of the device or over the network. LiME is unique in that it is the first tool that allows full memory captures from Android devices. It also minimizes its interaction between user and kernel space processes during acquisition, which allows it to produce memory captures that are more forensically sound than those of other tools designed for Linux memory acquisition.
=> Download LiME
Draugr
From the project home page: By using /dev/(k)mem or a memory dump, Draugr can be used to easily access this memory from Python, play (read, write, disassemble, search) with it ... and can find system information (processes ...) by different methods. It can find kernel symbols (pattern matching in an XML file or with EXPORT_SYMBOL), processes (information and sections) (by the kernel linked list or bruteforce) and disassemble/dump the memory.
=> Download draugr
Volatilitux
From the project home page: Volatilitux is pretty much the equivalent of Volatility for Linux systems. Volatilitux supports the following architectures for physical memory dumps:
* ARM
* x86
* x86 with PAE enabled
It supports the following commands:
* pslist: print the list of all processes
* memmap: print the memory map of a process
* memdmp: dump the addressable memory of a process
* filelist: print the list of all open files for a given process
* filedmp: dump an open file
=> Download volatilitux.
Memfetch
It is a simple utility to dump all memory of a running process, either immediately or when a fault condition is discovered. It is an attractive alternative to the vastly inferior search capabilities of many debuggers and tracers, and a convenient way to grab "screenshots" from many types of text-based interactive utilities. To install memfetch (pkg_add is the legacy FreeBSD package tool; current FreeBSD releases use pkg(8) instead):
## FreeBSD ##
pkg_add -r -v memfetch
## other *nix users: download and build it from the following URL ##
wget http://lcamtuf.coredump.cx/soft/memfetch.tgz
tar xvf memfetch.tgz
cd memfetch && make
=> Download memfetch
Crash utility from Red Hat, Inc
The core analysis suite is a self-contained tool that can be used to investigate either live systems, kernel core dumps created from the netdump, diskdump and kdump packages from Red Hat Linux, the mcore kernel patch offered by Mission Critical Linux, or the LKCD kernel patch. This tool can be utilized for memory forensics. Note that crash needs the debug symbols of the exact kernel that produced the dump (the vmlinux from the matching kernel-debuginfo package) to interpret it. To install:
## RHEL / CentOS ##
yum install crash
## Novell / SUSE / openSUSE ##
zypper install crash
=> Download crash
Memgrep
A simple utility to search/replace/dump memory from running processes and core files. To install:
## FreeBSD ##
pkg_add -r -v memgrep
=> Download memgrep.
Memdump
This program dumps system memory to the standard output stream, skipping over holes in memory maps. By default, the program dumps the contents of physical memory, read through /dev/mem. Note that modern Linux kernels built with CONFIG_STRICT_DEVMEM only allow /dev/mem access to a small set of low, non-RAM ranges, so on such systems memdump returns a truncated image and a kernel-module acquisition tool such as LiME (above) is the better choice. This software is distributed under the IBM Public License. To install memdump:
## Debian / Ubuntu Linux ##
sudo apt-get install memdump
## FreeBSD ##
pkg_add -r -v memdump
See the man page for usage information:
man memdump
=> Download memdump.
foriana
It is another tool for extraction of information such as the process and module lists from a RAM image, using logical relations between OS structures.
=> Download foriana
If you have any other tips and tools you'd like to add, please share them in the comments below!
Thank you for reading the article Top 8 Tools To Search Memory Under Linux / Unix [ Forensics Analysis ] on the blog Tutorial Opensource and Linux. If you want to redistribute this article, please include a link to it as the source, and if it was useful, bookmark this page in your web browser by pressing Ctrl + D.