Home
Daryl Bennett edited this page Dec 10, 2018 · 8 revisions
Here we will try to provide more detailed information on how to use LiMEaide and what results to expect.
LiMEaide is a Python application designed to remotely dump the RAM of a Linux client and create a Volatility profile for later analysis on your local host. I hope that this will simplify Linux digital forensics in a remote environment. In order to use LiMEaide, all you need to do is feed it a remote Linux client's IP address, sit back, and consume your favorite caffeinated beverage.
LiMEaide has 3 primary modes of operation
- Remote - Initiates connection with SSH and transfers data over SFTP
- Socket - Initiates a connection with SSH but transfers the memory image over a TCP socket. This means that the image is NOT written to disk. Tools are still transferred over SFTP.
- Locally - Have a copy of LiMEaide on a flash drive or other device. Does not transfer any data to the client and maintains execution in its working directory. All transfers are completed with internal methods and no network sockets are opened.
- Make a connection with specified client over SSH
- Transfer necessary build files to the remote machine
- Build the memory scraping Loadable Kernel Module (LKM) LiME
- LiME will dump the RAM
- LiMEaide will transfer the RAM dump and system maps back to host
- Build a Volatility profile
Well... the TL;DR method is
python3 limeaide.py <IP>
However, feel free to take a look at the sidebar for more detailed usage and notes to watch for.