TASK 1.3

Sudeep Gupta
Sep 26, 2021

Reading Data in RAM

What is RAM?

RAM stands for random-access memory. RAM is short-term (volatile) memory that contains the most valuable data required by the processor.

What is LiME?

LiME is a loadable kernel module (LKM) which allows for volatile memory acquisition from Linux and Linux-based devices.

step 1: we need to install the kernel-devel and kernel-headers packages for the acquisition of RAM.

command: yum install kernel-devel kernel-headers -y

step 2: to use the LiME tool we need its source code, so we need to clone its source code from GitHub using the following command

step 3: to compile the source code of LiME, we need to navigate to the src directory

command: cd LiME/src

step 4: using the make command we can compile the source code and obtain the kernel object

command: make

step 5: using Python we will give the data to be stored in RAM

step 6: using the insmod command we can insert the kernel object that we obtained, which will help us dump the data in RAM to the specified location.

command: insmod ./lime-4.18.0-305.el8.x86_64.ko "path=./ramdata.mem format=raw"

note: the location can be obtained using the ls command

step 7: using the cat command we will read the data in the ram.data directory and verify the data stored in RAM by converting the data into string form, using the following command.

In this way we can prove that data stored in RAM can be viewed.
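
The check in step 7 can also be scripted. The following is an added example, not part of the original write-up: it searches a raw image such as ramdata.mem for a known marker, stored either as ASCII or as UTF-16LE, and reports where each copy sits in the file. The marker value task13-marker, the function names and the sample image are constructed for illustration.

```python
import mmap
import os
import tempfile

def find_marker(image_path, marker, context=16):
    """Return sorted (file_offset, encoding, nearby_text) hits for marker.

    With LiME format=raw the RAM ranges are concatenated, so an offset is a
    position in the dump file, not a physical address.
    """
    needles = {"ascii": marker.encode("ascii"),
               "utf-16-le": marker.encode("utf-16-le")}
    hits = []
    if os.path.getsize(image_path) == 0:  # mmap cannot map an empty file
        return hits
    # mmap lets the OS page the image in on demand, so a multi-GB dump is
    # searched without being read into this process's memory in one go.
    with open(image_path, "rb") as f, \
            mmap.mmap(f.fileno(), 0, access=mmap.ACCESS_READ) as mem:
        for name, needle in needles.items():
            pos = mem.find(needle)
            while pos != -1:
                window = mem[max(0, pos - context):pos + len(needle) + context]
                # Printable ASCII is kept; every other byte is shown as '.'
                text = "".join(chr(b) if 32 <= b < 127 else "." for b in window)
                hits.append((pos, name, text))
                pos = mem.find(needle, pos + 1)
    return sorted(hits)

def build_sample_image(path, marker="task13-marker"):
    """Write a small constructed stand-in for ramdata.mem (not a real dump)."""
    with open(path, "wb") as f:
        f.write(b"\x00" * 4096)                            # empty page
        f.write(b"x = '" + marker.encode("ascii") + b"'")  # ASCII copy at 4101
        f.write(bytes(range(256)) * 8)                     # deterministic filler
        f.write(marker.encode("utf-16-le"))                # wide copy at 6163
        f.write(b"\x00" * 1024)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "ramdata.mem")
        build_sample_image(sample)
        for offset, encoding, text in find_marker(sample, "task13-marker"):
            print(f"0x{offset:08x}  {encoding:<9}  {text}")
```

On a real dump, point find_marker at the image written in step 6 and pass the value that was typed at the Python prompt in step 5.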
