A Loadable Kernel Module (LKM) for acquiring volatile memory from Linux and Android devices, supporting local disk or network output.
LiME (Linux Memory Extractor) is a Loadable Kernel Module (LKM) that allows forensic investigators to capture volatile memory from Linux and Android devices. It solves the problem of acquiring full memory dumps in a forensically sound manner, minimizing interaction with the system during acquisition. The tool supports output to local storage or over a network, making it versatile for different investigation scenarios.
Digital forensic investigators, incident responders, and cybersecurity professionals who need to analyze memory from Linux-based systems, including Android devices, for malware analysis or incident investigation.
Developers choose LiME because it is the first tool to enable full memory captures from Android devices and produces more forensically sound dumps than other Linux memory acquisition tools by minimizing its footprint during acquisition.
LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. The tool supports acquiring memory either to the file system of the device or over the network. LiME is unique in that it is the first tool that allows full memory captures from Android devices. It also minimizes its interaction between user and kernel space processes during acquisition, which allows it to produce memory captures that are more forensically sound than those of other tools designed for Linux memory acquisition.
Minimizes interaction between user and kernel space during acquisition, as stated in the README, so that the captured memory is disturbed as little as possible and remains reliable for analysis.
Supports acquisition to local disk or over a network interface via TCP, allowing remote memory capture, as demonstrated in the usage examples.
Offers raw, lime, and padded output formats; the lime format preserves address-space information, making the dump directly usable by forensic tools such as Volatility.
Provides optional hashing with sidecar digest files using algorithms like SHA256 or SHA3, enabling forensic integrity checks, though it increases memory disturbance.
Requires compilation for specific kernel versions (e.g., lime-$(uname -r).ko), adding setup complexity and potential compatibility issues across different systems.
Enabling digest or compression allocates additional kernel memory during acquisition, as the README warns, which overwrites part of the memory being captured and can compromise forensic soundness.
Collecting digest files over TCP requires two separate connections, complicating the setup and increasing the risk of errors during acquisition.