I know to dump memory images in Windows. (eg-dumpit) But I don't know how to dump memory images in Linux.
I want to get memory images in Linux and from Linux to Linux with ssh connection or something.
How can I get in Linux?
dumpforensicsmemory
I know to dump memory images in Windows. (eg-dumpit) But I don't know how to dump memory images in Linux.
I want to get memory images in Linux and from Linux to Linux with ssh connection or something.
How can I get in Linux?
Best Answer
From the Forensic's Wiki: Tools:Memory Imaging
excerpt
I found this example of
fmem
in use, which seems to be the easiest way to dump memory for analysis purposes, you can no longer use/dev/mem
after the 2.6.x kernels, as I understand it.fmem Example
*Source: How can I dump all physical memory to a file?
LiME Example
For analyzing volatile memory there's also this page, titled: Linux Memory Analysis. There's a thorough example in this video tutorial that shows the use of LiME and Volatility to collect a memory dump and then analyze it, extracting the user's Bash history from the memory dump.
What else?
There's also this U&L Q&A titled: How can I dump the full system memory? which has additional examples and information.