LiME (Linux Memory Extractor) is a Loadable Kernel Module (LKM) that enables volatile memory acquisition from Linux and Linux-based devices, including Android. It is the first tool to allow full memory captures on Android devices, and it minimizes interaction between user space and kernel space during acquisition, which makes captures more forensically sound. Features include full Android memory acquisition, acquisition over a network interface, a minimal process footprint, and a hash of the dumped memory. To use it, load the module with the insmod command, passing arguments such as path and format, plus optional parameters such as digest and dio.
SIMILAR TOOLS
Free software for extracting Microsoft cabinet files, supporting all features and formats of Microsoft cabinet files and Windows CE installation files.
A library for read-only access to QEMU Copy-On-Write (QCOW) image files, supporting multiple versions and compression formats for digital forensics analysis.
A library to access and parse Windows XML Event Log (EVTX) format, useful for digital forensics and incident response.
A PowerShell-based incident response and live forensic data acquisition tool for Windows hosts.
Zenduty's platform provides real-time operational health monitoring and incident response orchestration to improve incident response times and build a solid on-call culture.
Exterro is a data risk management platform that optimizes e-discovery, digital forensics, and cybersecurity compliance operations.
A library for accessing and parsing Windows NT Registry File (REGF) format files, designed for digital forensics and registry analysis applications.
A library to access FileVault Drive Encryption (FVDE) encrypted volumes on Mac OS X systems.