LiME (Linux Memory Extractor) is a Loadable Kernel Module (LKM) that enables volatile memory acquisition from Linux and Linux-based devices, including Android. It is the first tool to allow full memory captures on Android devices, minimizing user-kernel space interaction for more forensically sound captures. Features include full Android memory acquisition, acquisition over network interface, minimal process footprint, and hash of dumped memory. Usage involves loading the module using the insmod command with specified arguments like path, format, and optional parameters like digest and dio.
This tool is not verified yet and doesn't have listed features.
Did you submit the verified tool? Sign in to add features.
Are you the author? Claim the tool by clicking the icon above. After claiming, you can add features.
Truehunter is a tool designed to detect encrypted containers with a focus on Truecrypt and Veracrypt, utilizing a fast and memory efficient approach.
Universal hexadecimal editor for computer forensics, data recovery, and IT security.
IE10Analyzer can parse and recover records from WebCacheV01.dat, providing detailed information and conversion capabilities.
A tool for parsing and extracting information from the Master File Table of NTFS file systems.
Visually inspect regex matches in binary data/text with YARA and regular expressions, displaying matched bytes and surrounding context.
NBD is a userland implementation of the Network Block Device protocol, allowing for remote access to block devices over a network.