Linux memory forensics - memory capture with LiME and AVML

  • Published: 22 Oct 2024

Comments • 16

  • @BossManTee
    @BossManTee 2 years ago +2

    Which one do you prefer? Lime or AVML? Assuming if we want to dump a Linux server/client memory and not an android device?

    • @BlueMonkey4n6
      @BlueMonkey4n6 2 years ago

      I like AVML for its simplicity. But because computer systems we would encounter in our line of work are never predictable, I always create a LiME executable as well just in case.
      Thanks for watching and please subscribe and like if you haven't already done so.

  • @gamebrednupe7520
    @gamebrednupe7520 1 year ago +1

    Great vid, would like to see it actually done through remote connection as in a real life scenario. How would you compile for a different system without direct access to insert a flash drive?

    • @BlueMonkey4n6
      @BlueMonkey4n6 1 year ago +1

      Excellent question! If you don't have physical access to the machine then the assumption is that you have the credentials to get remote access. You should not be compiling on the subject machine but rather on an exemplar machine which has the same version of OS as the target. Then you can transfer the compiled program to the subject machine via rcp/ftp/etc. and then ssh in to do the extraction and pipe the output across the network to a collection machine.
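The workflow in the reply above (build on an exemplar, copy the module over, load it through ssh, pull the image across the network), written out as an added shell example that is not from the video or the commenter. It assumes a LiME `lime.ko` built on an exemplar whose `uname -r` equals `EXEMPLAR_RELEASE`, ssh access to the subject, and `nc` on the collector; the hostnames, paths, port and kernel release are placeholders. The kernel check is the part worth keeping: a module built against a different kernel simply will not load, so the script refuses to continue on a mismatch.

```shell
#!/bin/sh
# Added example: remote LiME acquisition driven from the collection machine.
# Assumptions (placeholders): lime.ko was compiled on an exemplar running
# EXEMPLAR_RELEASE, the analyst can ssh to the subject with sudo rights,
# and the collector has nc and sha256sum available.

EXEMPLAR_RELEASE="${EXEMPLAR_RELEASE:-5.15.0-91-generic}"   # placeholder kernel release

# A kernel module only loads on the exact kernel it was built for, so compare
# the exemplar's release string with what the subject reports before doing anything.
kernel_match() {
    # $1 = exemplar release, $2 = subject release; exit status 0 on match
    [ -n "$1" ] && [ "$1" = "$2" ]
}

# LiME's tcp mode makes the module listen on a port; the collector connects and
# receives the image, so the dump is never written to the subject's own disk.
lime_insmod_cmd() {
    # $1 = path of lime.ko on the subject, $2 = TCP port
    printf 'sudo insmod %s "path=tcp:%s format=lime"' "$1" "$2"
}

# Collector side: pull the stream, save it, and hash it as it arrives so the
# image has a checksum from the moment of capture.
collector_cmd() {
    # $1 = subject host, $2 = TCP port, $3 = output file on the collector
    printf 'nc %s %s | tee %s | sha256sum' "$1" "$2" "$3"
}

# End-to-end driver; this one really runs ssh/scp/nc, so call it explicitly.
acquire_remote() {
    subject="$1"; port="$2"; module="$3"; out="$4"
    subject_release=$(ssh "$subject" uname -r) || return 1
    if ! kernel_match "$EXEMPLAR_RELEASE" "$subject_release"; then
        echo "kernel mismatch: exemplar=$EXEMPLAR_RELEASE subject=$subject_release" >&2
        return 2
    fi
    scp "$module" "$subject:/tmp/lime.ko" || return 1
    # insmod blocks until the collector has drained the image, so background it.
    ssh "$subject" "$(lime_insmod_cmd /tmp/lime.ko "$port")" &
    sleep 2   # give the module a moment to start listening
    sh -c "$(collector_cmd "$subject" "$port" "$out")"
    wait
    ssh "$subject" sudo rmmod lime
}

# Example invocation (placeholders):
# acquire_remote analyst@subject.example 4444 ./lime.ko /evidence/subject.lime
```

AVML fits the same flow with the compile and kernel-check steps removed, since it ships as a static binary: copy it over, run it through ssh, and transfer the resulting file back to the collector.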

    • @gamebrednupe7520
      @gamebrednupe7520 1 year ago

      @BlueMonkey4n6 Thanks, I was on the right track. I may have to demonstrate this soon for an upcoming audit.

  • @minitorr8678
    @minitorr8678 2 years ago +2

    What program from both do you recommend the most to acquire memory dumps?

    • @BlueMonkey4n6
      @BlueMonkey4n6 2 years ago +1

      I would recommend BOTH. With computers, you never know what little nuances will cause one tool to fail so it's always good to have a backup plan. This is especially true with memory capture because memory changes constantly and you may only have one shot at getting what you want.
      Thanks for watching and please don't forget to subscribe and like if you haven't already done so.

    • @minitorr8678
      @minitorr8678 2 years ago

      @BlueMonkey4n6 Thanks a lot. Of course I will follow your videos. They are quite interesting.

  • @saadhassan417
    @saadhassan417 1 year ago +1

    Make entering into a different directory, how did we solve this problem? Can you please solve my problem by today, I am very thankful to you.

    • @BlueMonkey4n6
      @BlueMonkey4n6 1 year ago

      Not sure I understand the question. Are you saying that the “make” program is putting you into a different directory? I usually “cd” into the folder where the Makefile resides and then run “make” there, as all the .c and .h files are there.

  • @nithinvincent619
    @nithinvincent619 1 year ago +1

    Is it gonna work for Kali Linux mem acquisition?

    • @BlueMonkey4n6
      @BlueMonkey4n6 1 year ago

      If you are asking whether this will capture memory in a system running Kali, then the answer is yes.

  • @shubhamxthakur_01
    @shubhamxthakur_01 2 months ago +1

    The "make" command is not working, it shows error 2. Any solution please?

    • @BlueMonkey4n6
      @BlueMonkey4n6 2 months ago

      What exactly is the error from make?

  • @minibigfoot7271
    @minibigfoot7271 1 year ago +1

    Please do an Android mobile phone memory analysis to identify Malware.

    • @BlueMonkey4n6
      @BlueMonkey4n6 1 year ago

      Great suggestion, let me add it to the list of future videos.