Skip to content

Instantly share code, notes, and snippets.

@pburkholder

pburkholder/NOTES.md

Created November 23, 2015 14:49
Show Gist options
  • Save pburkholder/eaa0e12e765c4efb4533 to your computer and use it in GitHub Desktop.
Save pburkholder/eaa0e12e765c4efb4533 to your computer and use it in GitHub Desktop.
Download ZIP
Where I am with memory forencsics
Raw
NOTES.md

LiME builds lime.ko -- See analytics.cheffian.com

insmod lets you export memory over port 4444, and then from workstation ssh ubuntu@chefserver.cheffian.com -L 4444:localhost:4444

insmod lime.....ko "path=tcp:4444 format=lime'
nc localhost 4444 > chefserver.lime

volatility stuff is in ~/Hacks/volatilty

This works:

vol.py --plugins=profiles  --profile=LinuxEvo4GARM -f Evo4GRodeo.lime limeinfo

But using the profile generated on analytics doesn't

 vol.py --plugins=profiles  --profile=LinuxMyUbuntu1404x64 -f chefserver.lime limeinfo

I have the correct headers:

od -t x4 dump.lime  | head -2

Shrug...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment