LiME Logo

LiME

0
Free
Visit Website

LiME (Linux Memory Extractor) is a Loadable Kernel Module (LKM) that enables volatile memory acquisition from Linux and Linux-based devices, including Android. It is the first tool to allow full memory captures on Android devices, minimizing user-kernel space interaction for more forensically sound captures. Features include full Android memory acquisition, acquisition over network interface, minimal process footprint, and hash of dumped memory. Usage involves loading the module using the insmod command with specified arguments like path, format, and optional parameters like digest and dio.

FEATURES

ALTERNATIVES

A collection of PowerShell modules for artifact gathering and reconnaissance of Windows-based endpoints.

A command-line utility for extracting human-readable text from binary files.

Open Source computer forensics platform with modular design for easy automation and scripting.

A Python-based engine for automatic creation of timelines in digital forensic analysis

An open source format for storing digital evidence and data, with a C/C++ library for creating, reading, and manipulating AFF4 images.

Online platform for image steganography analysis

An open source digital forensic tool for processing and analyzing digital evidence with high performance and multiplatform support.

Python script to parse macOS MRU plist files into human-friendly format