Live memory forensics on Linux (/dev/(k)mem, memor
2016-08-23
Draugr is a Python tool for live memory forensics on Linux. It reads kernel memory either directly through /dev/kmem or /dev/mem, or from a saved memory dump, and exposes it so that it can be read, written, disassembled and searched from Python. From that memory it can recover system information such as the process list by more than one method, which matters because a rootkit that tampers with one kernel structure rarely tampers with all the places the same information can be recovered from.
Kernel symbols are located either by pattern matching against signatures stored in an XML file or by parsing the EXPORT_SYMBOL tables. Processes (with their details and sections) are found either by walking the kernel's task linked list or by brute-force scanning memory for structures that look like a task, and arbitrary regions can be disassembled or dumped. Note that /dev/kmem is only present on kernels built with CONFIG_DEVKMEM and was removed entirely in Linux 5.13, and /dev/mem is restricted by CONFIG_STRICT_DEVMEM on most distribution kernels, so on current systems a memory dump (or a kernel module such as LiME) is the realistic input.
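The two process-discovery methods described above, as an added example that is not Draugr's own code. It uses a constructed toy memory image with a simplified, invented task structure (pid, next pointer, comm) and an assumed kernel base address; the real task_struct layout differs and must be obtained from the running kernel. The image also contains one task that is written to memory but unlinked from the list, the way a DKOM-style rootkit hides a process: the linked-list walk misses it, the brute-force scan finds it.

```python
import struct

# Constructed toy "task_struct" layout (NOT the real Linux layout):
#   offset 0:  pid        (u32)
#   offset 4:  padding    (u32)
#   offset 8:  tasks.next (u64 virtual address of the next task)
#   offset 16: comm       (16 bytes, NUL padded)
TASK_FMT = "<IIQ16s"
TASK_SIZE = struct.calcsize(TASK_FMT)          # 32 bytes
KERNEL_BASE = 0xffffffff81000000               # assumed virtual base of the image
IMAGE_SIZE = 0x1000
PID_MAX_LIMIT = 4194304                        # kernel's hard upper bound for pids


def v2p(vaddr):
    """Virtual address -> byte offset in the toy image (identity mapping)."""
    return vaddr - KERNEL_BASE


def build_image(tasks, hidden):
    """Write 'tasks' as a circular list starting at init_task; write 'hidden'
    into memory too but leave it out of the list (constructed test data)."""
    img = bytearray(IMAGE_SIZE)
    addrs = [KERNEL_BASE + 0x100 + i * 0x40 for i in range(len(tasks))]
    for i, (pid, comm) in enumerate(tasks):
        nxt = addrs[(i + 1) % len(tasks)]
        struct.pack_into(TASK_FMT, img, v2p(addrs[i]), pid, 0, nxt, comm.encode())
    hpid, hcomm = hidden
    haddr = KERNEL_BASE + 0x800
    struct.pack_into(TASK_FMT, img, v2p(haddr), hpid, 0, haddr, hcomm.encode())
    return img, addrs[0]


def read_task(img, vaddr):
    pid, _, nxt, comm = struct.unpack_from(TASK_FMT, img, v2p(vaddr))
    return pid, nxt, comm.split(b"\0", 1)[0].decode()


def find_init_task(img):
    """Symbol-style pattern match: init_task is the task with pid 0 named
    'swapper'; scan for the name and validate the surrounding structure."""
    off = img.find(b"swapper\0")
    while off != -1:
        base = off - 16
        if base >= 0 and base % 8 == 0 and struct.unpack_from("<I", img, base)[0] == 0:
            return KERNEL_BASE + base
        off = img.find(b"swapper\0", off + 1)
    return None


def walk_task_list(img, init_task):
    """Method 1: follow tasks.next from init_task until the list wraps."""
    found, cur = [], init_task
    for _ in range(1000):                      # bound the walk: the list may be corrupted
        pid, nxt, comm = read_task(img, cur)
        found.append((pid, comm))
        cur = nxt
        if cur == init_task:
            break
    return found


def looks_like_task(img, off):
    """Heuristics for a plausible task: printable non-empty comm, sane pid,
    next pointer that lands inside the image."""
    pid, _, nxt, comm = struct.unpack_from(TASK_FMT, img, off)
    name = comm.split(b"\0", 1)[0]
    return (len(name) > 0 and all(32 <= c < 127 for c in name)
            and pid < PID_MAX_LIMIT
            and KERNEL_BASE <= nxt < KERNEL_BASE + IMAGE_SIZE)


def bruteforce_tasks(img):
    """Method 2: scan every 8-byte aligned offset for something that looks
    like a task, ignoring the list entirely."""
    found = []
    for off in range(0, IMAGE_SIZE - TASK_SIZE + 1, 8):
        if looks_like_task(img, off):
            pid, _, comm = read_task(img, KERNEL_BASE + off)
            found.append((pid, comm))
    return found


def hidden_tasks(img, init_task):
    """Cross-view check: tasks the scan sees but the list walk does not."""
    return set(bruteforce_tasks(img)) - set(walk_task_list(img, init_task))


if __name__ == "__main__":
    image, init = build_image([(0, "swapper"), (1, "systemd"), (42, "sshd")],
                              (1337, "rootkit_d"))
    print("init_task at", hex(find_init_task(image)))
    print("list walk  :", walk_task_list(image, init))
    print("bruteforce :", bruteforce_tasks(image))
    print("hidden     :", hidden_tasks(image, init))
```

On a real dump the image would be read from the file (or from /dev/kmem where it still exists), the structure offsets would come from the kernel's own headers or symbols, and the comparison of the two views is the interesting output: any task present in the scan but absent from the list deserves a closer look.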
Tags: forensics, memory, live, LinuxdevK, dump