LiME
Memory Extractor
A tool for extracting and analyzing volatile memory from Linux-based devices, particularly Android.
LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. The tool supports acquiring memory either to the file system of the device or over the network. LiME is unique in that it is the first tool that allows full memory captures from Android devices. It also minimizes its interaction between user and kernel space processes during acquisition, which allows it to produce memory captures that are more forensically sound than those of other tools designed for Linux memory acquisition.
2k stars
81 watching
339 forks
Language: C
last commit: about 1 month ago
Linked from 4 awesome lists
meirwah/awesome-incident-response
tylerha97/awesome-reversing
cugu/awesome-forensics
digitalisx/awesome-memory-forensicsRelated projects:
| Repository | Description | Stars |
|---|---|---|
 ir193/amextractor | A tool to extract physical memory from Android devices without kernel source code or LKM support. | 11 |
 halpomeranz/lmg | A tool for capturing and analyzing Linux memory | 264 |
 kd8bny/limeaide | Automates the process of remotely dumping RAM and creating volatility profiles on Linux clients. | 161 |
 kost/memdump | A tool to extract and display the contents of a system's physical memory | 12 |
 mobileforensicsresearch/mem | Tool to dump memory from Android devices | 66 |
 microsoft/avml | A tool that captures volatile memory images from Linux systems without prior knowledge of the target OS or kernel. | 875 |
 rek7/mxtract | Analyzes and dumps memory to extract sensitive information from running processes | 582 |
 natebrune/fmem | A Linux kernel module that provides access to physical memory for analysis and dumping. | 115 |
 jamiebullock/libxtract | A portable, lightweight library providing a set of audio feature extraction functions that can be cascaded to create complex extraction hierarchies. | 227 |
 51j0/android-storage-extractor | A tool to extract local data storage of an Android application in one click. | 16 |
 plasma-umass/mesh | A memory allocator that reduces memory footprint by compacting and managing memory fragmentation in C/C++ applications | 1,753 |
 strazzere/android-lkms | Provides tools and modules to aid in reversing and debugging Android applications on controlled systems/emulators. | 204 |
 ftramer/lm_memorization | A tool to extract memorized content from large language models like GPT-2 by analyzing their training data | 175 |
 stiletto/angrymlocker | A tool to prevent processes from being swapped out of memory | 13 |
 derekselander/dsdump | A tool for analyzing and extracting information from Mach-O executable files | 1,127 |