TASK 1.3
Reading Data in RAM
What is RAM?
RAM stands for random-access memory. RAM is short-term (volatile) memory that holds the most valuable data required by the processor.
What is LiME?
LiME is a loadable kernel module (LKM) that allows volatile memory acquisition from Linux and Linux-based devices.
step 1: we need to install the kernel-devel and kernel-headers packages for the acquisition of RAM.
command: yum install kernel-devel kernel-headers -y
step 2: to use the LiME tool we need its source code, so we clone it from GitHub using the following command.
step 3: to compile the source code of LiME, we need to navigate to the src directory.
command: cd LiME/src
step 4: using the make command we compile the source code and obtain the kernel object.
command: make
step 5: using Python we provide the data to be stored in RAM.
step 6: using the insmod command we insert the kernel object obtained in step 4, which dumps the data in RAM to the specified location.
command: insmod ./lime-4.18.0-305.el8.x86_64.ko "path=./ramdata.mem format=raw"
note: the location can be obtained using the ls command.
step 7: using the cat command we read the dumped RAM data (ramdata.mem) and verify the data stored in RAM by converting it to string form using the following command.
In this way we can prove that data stored in RAM can be viewed.
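The verification in step 7, as an added example (not code from the original page): a Python scanner that streams a raw dump in chunks, extracts printable ASCII runs, and reports where a known marker appears, including runs that straddle a chunk boundary. With format=raw the reported offsets are positions in the dump file, not physical addresses; the marker value and the function names are assumptions made for illustration.

```python
import os
import re
import tempfile

PRINTABLE = range(0x20, 0x7F)  # printable ASCII byte values

def find_in_dump(path, needle, min_len=4, chunk_size=1 << 20):
    """Return (file_offset, text) for each printable run >= min_len containing needle."""
    run = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    hits, carry, base = [], b"", 0  # base = file offset of carry[0]
    with open(path, "rb") as dump:
        while True:
            chunk = dump.read(chunk_size)
            buf = carry + chunk
            cut = len(buf)
            if chunk:
                # Not at EOF: hold back the trailing printable bytes, because
                # the run may continue in the next chunk.
                while cut > 0 and buf[cut - 1] in PRINTABLE:
                    cut -= 1
            for m in run.finditer(buf, 0, cut):
                if needle in m.group():
                    hits.append((base + m.start(), m.group().decode("ascii")))
            if not chunk:
                return hits
            carry, base = buf[cut:], base + cut

def demo():
    """Scan a small constructed image (not a real dump) with a tiny chunk size."""
    marker = b"secret=LIME_DEMO_MARKER"  # constructed stand-in for the step 5 data
    image = b"\x00\x01" * 5 + marker + b"\x00\xff" + b"abc" + b"\x00"
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(image)
    try:
        # chunk_size=16 forces the marker to span three reads
        return find_in_dump(tmp.name, b"LIME_DEMO_MARKER", chunk_size=16)
    finally:
        os.remove(tmp.name)

if __name__ == "__main__":
    print(demo())
```

On a real acquisition, call find_in_dump("./ramdata.mem", b"...") with the bytes entered in step 5 as the needle.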