LiME
Memory Extractor
A tool that captures and extracts volatile memory from Linux devices in a forensically sound way.
LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. The tool supports acquiring memory either to the file system of the device or over the network. LiME is unique in that it is the first tool that allows full memory captures from Android devices. It also minimizes its interaction between user and kernel space processes during acquisition, which allows it to produce memory captures that are more forensically sound than those of other tools designed for Linux memory acquisition.
2k stars
81 watching
340 forks
Language: C
last commit: 4 months ago
Linked from 4 awesome lists
meirwah/awesome-incident-response
tylerha97/awesome-reversing
cugu/awesome-forensics
digitalisx/awesome-memory-forensicsRelated projects:
| Repository | Description | Stars |
|---|---|---|
 ir193/amextractor | A tool to extract physical memory from Android devices without kernel source code or LKM support. | 12 |
 halpomeranz/lmg | Tools and scripts for capturing and analyzing Linux memory | 266 |
 kd8bny/limeaide | Automates the process of remotely dumping RAM and creating volatility profiles on Linux clients. | 161 |
 kost/memdump | A tool to extract and display the contents of a system's physical memory | 12 |
 mobileforensicsresearch/mem | Tool to dump memory from Android devices | 66 |
 microsoft/avml | A tool that captures volatile memory images from Linux systems without prior knowledge of the target OS or kernel. | 883 |
 rek7/mxtract | Analyzes and dumps memory to extract sensitive information from running processes | 582 |
 natebrune/fmem | A Linux kernel module designed to help analyze volatile memory without the limitations of traditional memory dumping tools. | 115 |
 jamiebullock/libxtract | A portable, lightweight library providing a set of audio feature extraction functions that can be cascaded to create complex extraction hierarchies. | 227 |
 51j0/android-storage-extractor | A tool to extract local data storage of an Android application in one click. | 16 |
 plasma-umass/mesh | A memory allocator that reduces memory footprint by compacting and managing memory fragmentation in C/C++ applications | 1,761 |
 strazzere/android-lkms | Tools and techniques for reversing and debugging Android applications on controlled systems or emulators. | 206 |
 ftramer/lm_memorization | A tool to extract memorized content from large language models like GPT-2 by analyzing their training data | 179 |
 stiletto/angrymlocker | A tool to prevent processes from being swapped out of memory | 13 |
 derekselander/dsdump | A tool for analyzing and extracting information from Mach-O executable files | 1,135 |