LiME Logo

LiME

0
Free
Visit Website

LiME (Linux Memory Extractor) is a Loadable Kernel Module (LKM) that enables volatile memory acquisition from Linux and Linux-based devices, including Android. It is the first tool to allow full memory captures on Android devices, minimizing user-kernel space interaction for more forensically sound captures. Features include full Android memory acquisition, acquisition over network interface, minimal process footprint, and hash of dumped memory. Usage involves loading the module using the insmod command with specified arguments like path, format, and optional parameters like digest and dio.

FEATURES

ALTERNATIVES

Highlighter is a FireEye Market app that integrates with FireEye products to provide enhanced cybersecurity capabilities.

A library for working with Windows NT data types, providing access and manipulation functions.

Exterro is a data risk management platform that optimizes e-discovery, digital forensics, and cybersecurity compliance operations.

OSXCollector is a forensic evidence collection & analysis toolkit for OSX.

DFIR ORC Documentation provides detailed instructions for setting up the build environment and deploying the tool.

WinSearchDBAnalyzer can parse and recover records in Windows.edb, providing detailed insights into various data types.

Anti-forensics tool for Red Teamers to erase footprints and test incident response capabilities.

Windows anti-forensics USB monitoring tool with the ability to shutdown the computer upon detecting the unplugging of a specified USB device.

PINNED