Eight Linux/Unix server memory dump tools

To do this, you must first sharpen the tool. When you dump the Linux/Unix server memory, you must have a proper tool at hand. Foreign media checked Eight Linux/Unix server memory monitoring tools. Let's take a look.

LiMELinux Memory Extractor)

LiME (formerly referred to as DMD) is a kind of Loadable Kernel Module (LKM) that can be loaded to obtain the volatile memory in Linux and Linux devices. This tool supports obtaining memory from the file system of the device or from the network. LiME is the first tool to capture the complete memory from the Android device. It reduces the interaction between the user and the kernel space process during the capture process.

LiME:Http://code.google.com/p/lime-forensics/downloads/list

Draugr

With/dev/(k) mem or information dump, Draugr can access, read/write, and search memory in python. You can also find the system information in different ways. In addition, you can find the kernel symbol XML file or EXPORT_SYMBOL), process, and disassembly and dumping memory.

Draugr:Http://code.google.com/p/draugr/downloads/list

Volatilitux

For Linux systems, Volatilitux is equivalent to Volatility. Volatilitux supports the following physical memory dump architecture:

* ARM

* X86

* Supports PAE x86

The following commands are supported:

* Pslist: print the list of all processes

* Memmap: prints the memory ing of a process.

* Memdmp: The addressable memory of the dump Process

* Filelist: prints all enabled documents for a given process.

* Filedmp: Dump enabling document

Volatilitux:Http://code.google.com/p/volatilitux/downloads/list

Memfetch

This is a simple tool that can dump all the memory of running processes, or dump when a fault is found. Install Memfetch code:

 
 

  
  
## FreeBSD ## 
  
  
pkg_add -r -v memfetch 
  
  
## other *nix user download it from the following url ## 
  
  
wget http://lcamtuf.coredump.cx/soft/memfetch.tgz 
  
  
tar xvf memfetch.tgz 
  
  
cd memfetch && make 
 
 

Memfetch:Http://lcamtuf.coredump.cx/

Red Hat Crash

This core analysis suite is an independent tool that can be used to study the ecosystem, kernel core dump created on Netdump, diskdump and kdump packages on Red Hat Linux, it can be used for memory forensics. Installation code:

 
 

  
  
## RHEL / CentOS ## 
  
  
yum install crash 
  
  
## Novell / Suse / OpenSUSE ## 
  
  
zypper install yast2-kdump 
 
 

Crash:Http://people.redhat.com/anderson/

Memgrep

A simple tool to search, replace, and dump memory from running processes and core files. Installation:

 
 

  
  
## FreeBSD ## 
  
  
pkg_add -r -v memgrep 
 
 

Memgrep:Http://hick.org/

Memdump

Memdump dumps the system memory to the standard output stream and skips the memory ing. The contents of physical memory are dumped by default. Installation:

 
 

  
  
## Debian / ubuntu Linux ## 
  
  
sudo apt-get install memdump 
  
  
## FreeBSD ## 
  
  
pkg_add -r -v memdupm 
 
 

Foriana

A tool that extracts process and module list information from a RAM Image Based on the logical relationship between the operating system structure.

Foriana:Http://hysteria.sk /~ Niekt0/foriana/

If you have other good tools, please share them below.