Top 6 Tools To Search For Memory Under Linux

  • Category: Linux
  • Author: Admin
  • Publisher: Psychz Networks
  • October 22,2015

Memory Search

There are a number of reasons why a user might want to dump the physical memory of a Linux server: searching for password strings, replacing or editing core files or commonly used processes, troubleshooting, doing forensic analysis on stored data, or simply knowing what is on the system.

This used to be fairly easy: you read /dev/mem with dd. In newer kernels that direct access to physical memory is no longer available because of tightened security restrictions, even when you are running as root.

Today, the best way to search for memory under Linux is to use a tool developed for the purpose. Here are six good ones to check out.

LiME (Linux Memory Extractor)

Once known as DMD, LiME is a loadable kernel module and one of the few tools that can take a full memory capture from Android devices as well as Linux machines. It can write the capture directly to the device's file system or send it over the network, and it is noteworthy because it needs essentially no user-space interaction while it runs, so the capture is disturbed far less by the acquisition itself and is much more accurate than with other tools.
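As an added example (written for this article, not code from the LiME project or the original post), here is a small Python walker for LiME's own capture format, the kind of check an analyst runs before trusting a capture. It assumes the 32-byte per-range header from LiME's lime.h (little-endian magic 0x4C694D45, version 1, inclusive start and end physical addresses, 8 reserved bytes) followed by the range's bytes; the sample capture, and the names `walk_lime`, `holes`, `read_physical` and `build_lime`, are the example's own.

```python
"""Walk a LiME-format memory capture and check it is internally consistent.

Assumed layout (from LiME's lime.h): each captured physical range is
preceded by a 32-byte little-endian header
    magic u32 = 0x4C694D45, version u32 = 1,
    s_addr u64 (first address), e_addr u64 (last address, inclusive),
    reserved 8 bytes
followed by exactly (e_addr - s_addr + 1) bytes of memory content.
"""
import struct
from dataclasses import dataclass

LIME_MAGIC = 0x4C694D45
LIME_VERSION = 1
HEADER = struct.Struct("<IIQQ8s")   # 32 bytes


@dataclass(frozen=True)
class LimeRange:
    start: int    # first physical address
    end: int      # last physical address, inclusive (as LiME stores it)
    offset: int   # file offset of the first content byte

    @property
    def size(self) -> int:
        return self.end - self.start + 1


def walk_lime(blob: bytes) -> list[LimeRange]:
    """Parse every range header. A forensic tool should refuse a damaged
    capture rather than silently analyse part of it, so bad magic, unknown
    version, inverted/overlapping ranges or truncation raise ValueError."""
    ranges: list[LimeRange] = []
    pos = 0
    while pos < len(blob):
        if len(blob) - pos < HEADER.size:
            raise ValueError(f"truncated header at offset {pos:#x}")
        magic, version, s_addr, e_addr, _reserved = HEADER.unpack_from(blob, pos)
        if magic != LIME_MAGIC:
            raise ValueError(f"bad magic {magic:#x} at offset {pos:#x}")
        if version != LIME_VERSION:
            raise ValueError(f"unsupported LiME version {version} at offset {pos:#x}")
        if e_addr < s_addr:
            raise ValueError(f"inverted range {s_addr:#x}-{e_addr:#x} at offset {pos:#x}")
        if ranges and s_addr <= ranges[-1].end:
            raise ValueError(f"range at {s_addr:#x} overlaps or precedes the previous one")
        pos += HEADER.size
        size = e_addr - s_addr + 1
        if len(blob) - pos < size:
            raise ValueError(f"range {s_addr:#x}-{e_addr:#x} truncated: "
                             f"need {size} bytes, only {len(blob) - pos} left")
        ranges.append(LimeRange(s_addr, e_addr, pos))
        pos += size
    return ranges


def holes(ranges: list[LimeRange]) -> list[tuple[int, int]]:
    """Physical address gaps between consecutive captured ranges (inclusive).
    These are the reserved/MMIO holes the dumper skipped."""
    return [(a.end + 1, b.start - 1)
            for a, b in zip(ranges, ranges[1:]) if b.start > a.end + 1]


def read_physical(blob: bytes, ranges: list[LimeRange], paddr: int, length: int) -> bytes:
    """Return `length` bytes at physical address `paddr`; raise if the address
    lies in a hole (never captured) or the read crosses a range boundary."""
    for r in ranges:
        if r.start <= paddr <= r.end:
            if paddr + length - 1 > r.end:
                raise ValueError("read crosses the end of a captured range")
            off = r.offset + (paddr - r.start)
            return blob[off:off + length]
    raise ValueError(f"physical address {paddr:#x} is not in the capture")


def build_lime(parts: list[tuple[int, bytes]]) -> bytes:
    """Build a capture from (start_address, content) pairs. Used only to
    construct the sample below; a real capture comes from LiME itself."""
    out = bytearray()
    for start, data in parts:
        out += HEADER.pack(LIME_MAGIC, LIME_VERSION, start, start + len(data) - 1, b"\0" * 8)
        out += data
    return bytes(out)


# Constructed sample: two small "RAM" ranges with a hole at 0x1100-0x2fff.
SAMPLE_CAPTURE = build_lime([(0x1000, b"A" * 0x100), (0x3000, b"B" * 0x80)])

if __name__ == "__main__":
    rs = walk_lime(SAMPLE_CAPTURE)
    for r in rs:
        print(f"range {r.start:#x}-{r.end:#x} ({r.size} bytes) at file offset {r.offset:#x}")
    print("holes:", [(f"{a:#x}", f"{b:#x}") for a, b in holes(rs)])
```

Run it on a real capture by replacing `SAMPLE_CAPTURE` with the file's contents; the point of `read_physical` is that in a capture with holes a file offset is not a physical address, and the header table is what maps between the two.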

Volatilitux

The Linux version of the popular Windows Volatility tool, Volatilitux is flexible and useful. It lets you dump RAM, and examine and extract a process's open files. It can also detect kernel structures automatically (although that does not work reliably on some dumps, in which case you can write a config file describing the memory layout). It is worth checking out for one other reason: it supports dumps from devices with ARM architectures, like smartphones.

Second Look

If you are looking for a professional, enterprise-grade (and expensive) solution that is a powerful forensic tool for Linux, Second Look is worth a first look. It is much more than a simple way to dump and search memory: it includes a number of analysis tools and even proactive alerting to help protect against intrusions. It also lets you reliably dump memory locally or over a network, with PMAD modules for several hundred kernels covering all of the common Linux distributions.

Draugr

Named after an undead creature from Norse mythology, Draugr was one of the first tools developed for Linux memory analysis. It only lets you list processes and search and extract specific areas of the system's memory, but it is still effective for those purposes. Development on Draugr stopped some time ago.

Memdump

If you do not need an elegant solution, Memdump is simple and to the point. It is freeware released under the IBM Public License that simply dumps physical memory to standard output, skipping any holes in the memory map.
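The holes Memdump skips, and that a plain read of /dev/mem never dealt with, are the reserved, ROM and device-mapped parts of the physical address space. The kernel publishes that map in /proc/iomem, one `start-end : name` line per resource (hexadecimal, inclusive bounds, child resources indented by two spaces), and the ranges labelled `System RAM` are what a dumper has to copy; note that an unprivileged reader sees every address as zero, so the file must be read as root. As an added example (not Memdump's code or the original post's), the following Python parses a constructed /proc/iomem listing, lists the RAM ranges and the holes between them, and checks whether a dump file's size matches a raw (hole-skipping) or flat (hole-padded, offset equals physical address) image. The sample listing and the names `parse_iomem`, `total_ram`, `flat_size`, `holes` and `check_dump_size` are the example's own.

```python
"""Enumerate the "System RAM" ranges a Linux memory dumper must capture,
from a /proc/iomem listing, and sanity-check a dump's size against them."""
import re
from dataclasses import dataclass

# Constructed sample in the layout /proc/iomem uses (not taken from a real host).
SAMPLE_IOMEM = """\
00000000-00000fff : Reserved
00001000-0009fbff : System RAM
0009fc00-0009ffff : Reserved
000a0000-000bffff : PCI Bus 0000:00
000f0000-000fffff : Reserved
  000f0000-000fffff : System ROM
00100000-bffd9fff : System RAM
  01000000-01c031e0 : Kernel code
  01c031e1-0226d4bf : Kernel data
bffda000-bfffffff : Reserved
fec00000-fec003ff : IOAPIC 0
"""

LINE_RE = re.compile(r"^(?P<indent> *)(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+) : (?P<name>.*)$")


@dataclass(frozen=True)
class RamRange:
    start: int
    end: int   # inclusive, as /proc/iomem prints it

    @property
    def size(self) -> int:
        return self.end - self.start + 1


def parse_iomem(text: str) -> list[RamRange]:
    """Return the top-level System RAM resources in address order.
    Nested entries (Kernel code, Kernel data, ...) are children of a RAM
    range and are ignored: a dumper copies the parent range whole."""
    ram = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                      # blank or unexpected line
        if m["indent"] or m["name"] != "System RAM":
            continue
        ram.append(RamRange(int(m["start"], 16), int(m["end"], 16)))
    return sorted(ram, key=lambda r: r.start)


def total_ram(ranges: list[RamRange]) -> int:
    """Bytes a raw (hole-skipping) dump should contain."""
    return sum(r.size for r in ranges)


def flat_size(ranges: list[RamRange]) -> int:
    """Bytes a flat image should contain: holes zero-filled from address 0,
    so that file offset == physical address."""
    return ranges[-1].end + 1 if ranges else 0


def holes(ranges: list[RamRange]) -> list[tuple[int, int]]:
    """Gaps between consecutive RAM ranges, inclusive bounds."""
    return [(a.end + 1, b.start - 1)
            for a, b in zip(ranges, ranges[1:]) if b.start > a.end + 1]


def check_dump_size(ranges: list[RamRange], dump_bytes: int) -> str:
    """Classify a dump file's size against the map before analysis:
    'raw', 'flat', or 'mismatch' (truncated, padded differently, or from
    another machine)."""
    if ranges and dump_bytes == total_ram(ranges):
        return "raw"
    if ranges and dump_bytes == flat_size(ranges):
        return "flat"
    return "mismatch"


if __name__ == "__main__":
    # On a live host, read the real map as root: open("/proc/iomem").read()
    rs = parse_iomem(SAMPLE_IOMEM)
    for r in rs:
        print(f"System RAM {r.start:#x}-{r.end:#x} ({r.size} bytes)")
    print("holes:", [(f"{a:#x}", f"{b:#x}") for a, b in holes(rs)])
    print("raw dump size:", total_ram(rs), "flat image size:", flat_size(rs))
```

Comparing a dump's size against the map read from the same host is a cheap way to notice a truncated or mislabelled capture before spending hours analysing it.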

Copyright © 2023 Psychz Networks, A Profuse Solutions Inc Company