Before you can analyze the memory of a Linux/Unix server, you need the right tool to dump it. Foreign media reviewed eight memory acquisition and analysis tools for Linux/Unix servers. Let's take a look.
LiME (Linux Memory Extractor)
LiME (formerly known as DMD) is a Loadable Kernel Module (LKM) that can be loaded to acquire volatile memory from Linux and Linux-based devices. It can write the captured memory either to the device's file system or over the network. LiME was the first tool to capture the complete memory of an Android device, and it minimizes the interaction between user-space and kernel-space processes during the capture.
LiME: http://code.google.com/p/lime-forensics/downloads/list
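A dump is only useful if it is complete and intact, and a LiME capture to a full disk or over a dropped network socket can end half-way. The following is an added example, not code from the original page or from the LiME project: a small Python validator for the lime-format image, assuming the format's 32-byte per-range header (magic, version, inclusive start and end physical address, 8 reserved bytes) followed by the raw bytes of that range. The sample image is constructed inline; `build_lime_dump`, `parse_lime_dump` and `read_phys` are names chosen here.

```python
import struct
from typing import List, Optional, Tuple

# Assumed lime-format layout: each contiguous block of physical memory starts
# with a 32-byte header, then the raw bytes of the block. Everything below the
# header definition is constructed sample data for this example.
LIME_MAGIC = 0x4C694D45            # the ASCII string "LiME" read as a little-endian uint32
LIME_HEADER = struct.Struct("<IIQQ8s")  # magic, version, start paddr, end paddr (inclusive), reserved

Range = Tuple[int, int, int]       # (start paddr, end paddr inclusive, file offset of the bytes)


def build_lime_dump(blocks: List[Tuple[int, int, bytes]]) -> bytes:
    """Assemble a lime-format image from (start, end, payload) triples (constructed test data)."""
    out = bytearray()
    for start, end, payload in blocks:
        if len(payload) != end - start + 1:
            raise ValueError("payload length must match the address range")
        out += LIME_HEADER.pack(LIME_MAGIC, 1, start, end, b"\0" * 8)
        out += payload
    return bytes(out)


def parse_lime_dump(data: bytes) -> List[Range]:
    """Walk the image, validate every header, and return the ranges it contains.

    A bad magic, an out-of-order range or a truncated body is reported instead
    of being silently skipped, so an interrupted acquisition is caught before
    anyone spends hours analysing a partial image.
    """
    ranges: List[Range] = []
    off = 0
    while off < len(data):
        if len(data) - off < LIME_HEADER.size:
            raise ValueError(f"truncated header at offset {off}")
        magic, version, s_addr, e_addr, _reserved = LIME_HEADER.unpack_from(data, off)
        if magic != LIME_MAGIC:
            raise ValueError(f"bad magic 0x{magic:08x} at offset {off}")
        if version != 1:
            raise ValueError(f"unsupported lime header version {version}")
        if e_addr < s_addr:
            raise ValueError(f"end address below start address at offset {off}")
        if ranges and s_addr <= ranges[-1][1]:
            raise ValueError(f"ranges overlap or are out of order at offset {off}")
        body_off = off + LIME_HEADER.size
        size = e_addr - s_addr + 1
        if body_off + size > len(data):
            raise ValueError(f"range 0x{s_addr:x}-0x{e_addr:x} truncated: "
                             f"need {size} bytes, have {len(data) - body_off}")
        ranges.append((s_addr, e_addr, body_off))
        off = body_off + size
    return ranges


def read_phys(data: bytes, ranges: List[Range], paddr: int, length: int) -> Optional[bytes]:
    """Map a physical address to the dump; None if it lies in a hole or spans one."""
    for s_addr, e_addr, body_off in ranges:
        if s_addr <= paddr and paddr + length - 1 <= e_addr:
            start = body_off + (paddr - s_addr)
            return data[start:start + length]
    return None


# Constructed sample: two RAM blocks with a hole between 0x2000 and 0xfffff,
# similar to the gap below 1 MiB that an x86 memory map reserves for firmware and PCI.
SAMPLE_BLOCKS = [
    (0x1000, 0x1FFF, b"A" * 0x1000),
    (0x100000, 0x1000FF, b"B" * 0x100),
]
SAMPLE_DUMP = build_lime_dump(SAMPLE_BLOCKS)

if __name__ == "__main__":
    for s, e, o in parse_lime_dump(SAMPLE_DUMP):
        print(f"range 0x{s:x}-0x{e:x} ({e - s + 1} bytes) at file offset {o}")
```

Run the parser over a real capture right after acquisition and record its output next to the image's hash; a later analysis tool that reports an empty process list can then be distinguished from a dump that was never complete.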
Draugr
Draugr can access, read/write, and search memory in Python, working from /dev/(k)mem or from a memory dump. It can also find system information in different ways, locate kernel symbols (from a kernel symbol file or via EXPORT_SYMBOL) and processes, and disassemble and dump memory.
Draugr: http://code.google.com/p/draugr/downloads/list
Volatilitux
For Linux systems, Volatilitux is the equivalent of Volatility. Volatilitux supports physical memory dumps from the following architectures:
* ARM
* X86
* x86 with PAE
The following commands are supported:
* pslist: print the list of all processes
* memmap: print the memory mappings of a process
* memdmp: dump the addressable memory of a process
* filelist: print all the open files of a given process
* filedmp: dump an open file
Volatilitux: http://code.google.com/p/volatilitux/downloads/list
Memfetch
This is a simple tool that dumps all the memory of a running process, either immediately or when a fault is detected. Install Memfetch:
- ## FreeBSD ##
- pkg_add -r -v memfetch
- ## Other *nix users: download it from the following URL ##
- wget http://lcamtuf.coredump.cx/soft/memfetch.tgz
- tar xvf memfetch.tgz
- cd memfetch && make
Memfetch: http://lcamtuf.coredump.cx/
Red Hat Crash
This core analysis suite is a stand-alone tool that can investigate live systems and kernel core dumps created by the netdump, diskdump, and kdump packages on Red Hat Linux, which makes it useful for memory forensics. Installation:
- ## RHEL / CentOS ##
- yum install crash
- ## Novell / Suse / OpenSUSE ##
- zypper install yast2-kdump
Crash: http://people.redhat.com/anderson/
Memgrep
A simple tool to search, replace, and dump memory from running processes and core files. Installation:
- ## FreeBSD ##
- pkg_add -r -v memgrep
Memgrep: http://hick.org/
Memdump
Memdump dumps system memory to the standard output stream, skipping over holes in the memory map. By default it dumps the contents of physical memory. Installation:
- ## Debian / Ubuntu Linux ##
- sudo apt-get install memdump
- ## FreeBSD ##
- pkg_add -r -v memdump
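"Skipping over holes in the memory map" is the part of a physical memory dumper that matters most in practice: reading ROM, PCI windows or reserved regions through /dev/mem can hang or fault the machine you are trying to preserve. The following is an added example, not code from the original page or from the memdump project: a Python reader for the /proc/iomem format that keeps only the top-level "System RAM" entries, lists the holes between them and computes the size a complete dump should have. The /proc/iomem text is a constructed sample, and `system_ram_ranges`, `holes` and `total_bytes` are names chosen here.

```python
import re
from typing import List, Tuple

# /proc/iomem lists the physical address map as "start-end : name" lines, with
# child resources indented under their parent. Only the top-level "System RAM"
# entries are memory a dumper can read; everything else is a hole to skip.
IOMEM_LINE = re.compile(r"^(\s*)([0-9a-fA-F]+)-([0-9a-fA-F]+) : (.+)$")

# Constructed sample in the /proc/iomem format (not captured from a real host).
SAMPLE_IOMEM = """\
00000000-00000fff : Reserved
00001000-0009fbff : System RAM
0009fc00-0009ffff : Reserved
000a0000-000bffff : PCI Bus 0000:00
000f0000-000fffff : System ROM
00100000-7ffdefff : System RAM
  01000000-017fffff : Kernel code
  01800000-01a3ffff : Kernel data
7ffdf000-7fffffff : Reserved
fec00000-fec003ff : IOAPIC 0
"""

Range = Tuple[int, int]  # (start, end) physical addresses, end inclusive


def system_ram_ranges(iomem_text: str) -> List[Range]:
    """Return the top-level System RAM ranges from /proc/iomem-style text."""
    ranges: List[Range] = []
    for line in iomem_text.splitlines():
        m = IOMEM_LINE.match(line)
        if not m:
            continue
        indent, start, end, name = m.groups()
        if indent:
            continue  # child entry such as "Kernel code" already lies inside its parent
        if name.strip() == "System RAM":
            ranges.append((int(start, 16), int(end, 16)))
    return ranges


def holes(ranges: List[Range]) -> List[Range]:
    """Gaps between consecutive RAM ranges: the regions a dump must not read."""
    gaps: List[Range] = []
    for (_, prev_end), (next_start, _) in zip(ranges, ranges[1:]):
        if next_start > prev_end + 1:
            gaps.append((prev_end + 1, next_start - 1))
    return gaps


def total_bytes(ranges: List[Range]) -> int:
    """Size a dump that contains exactly the RAM ranges should have."""
    return sum(end - start + 1 for start, end in ranges)


if __name__ == "__main__":
    ram = system_ram_ranges(SAMPLE_IOMEM)
    for start, end in ram:
        print(f"read  0x{start:x}-0x{end:x}")
    for start, end in holes(ram):
        print(f"skip  0x{start:x}-0x{end:x}")
    print(f"expected dump size: {total_bytes(ram)} bytes")
```

Save a copy of /proc/iomem alongside the dump: the expected size it yields is a quick completeness check for the image, and the hole list explains any gaps an analysis tool later reports. Collect it as root, since recent kernels show zeroed addresses to unprivileged readers.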
Foriana
A tool that extracts process and module list information from a RAM image based on the logical relationships between operating system structures.
Foriana: http://hysteria.sk/~niekt0/foriana/
If you have other good tools, please share them below.