Linux Memory Acquisition with LiME | HackerSploit Blue Team Training
HTML-код
- Опубликовано: 4 авг 2024
- Continuing our Blue Team Training series, @HackerSploit will cover the importance of memory acquisition using LiME. LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices. In this video, we'll show how to build the LiME kernel object and how to dump Linux memory with LiME for analysis.
The full Blue Team Training series is available here: • Hackersploit Linux Sec...
Chapters:
0:00 Introduction
0:44 What We’ll Be Covering
1:00 Pre Requisites
1:53 What is Memory Acquisition?
3:58 Introduction to LiME
6:29 Learning Resources
6:39 Practical Demo
6:51 Making LiME
11:01 Load the Kernel Object
12:31 Locate the RAM Dump File
12:57 Conclusion
New to Cloud Computing? Get started here with a $100 credit → www.linode.com/linodetube
Check out LiME on Github → github.com/504ensicsLabs/LiME
Watch Hackersploit's Red Team Series → • Adversary Emulation wi...
Subscribe to get notified of new episodes as they come out → ruclips.net/user/linode?sub_co...
#Linode #cybersecurity #hackersploit
Product: Linode, Hackersploit, LiME; @HackerSploit 
Наука
The Hash’s of the file is very, very important in digital forensic to keep the LEGAL HOLD or litigation holds!
Stellar video, thanks.
thanks nice explanation! - at 07:30 the hash is useful for detecting later manipulation or changes of the saved data ..
Chain of Custody
@@ChapalPuteh_Legal Holds
Hi, very informative video. you've shown the sample memory acquisition on the Linux system itself, What is the process for acquiring a Linux memory using a portable device? Does Linux support portable kernel objects?
can you send a linux live image with lime?