Simplify Linux digital forensics!

LiMEaide is a Python application developed by Daryl Bennett that can remotely dump the RAM of a Linux client.
It can also create a Volatility profile for later analysis.

To use LiMEaide, all you need to do is feed it a remote Linux client's IP address, sit back, and consume your favorite caffeinated beverage.


How does it work?

  1. Make a remote connection with the specified client over SSH
  2. Transfer necessary build files to the remote machine
  3. Build the memory-scraping Loadable Kernel Module (LKM) LiME
  4. The LKM will dump RAM
  5. Transfer RAM dump and RAM maps back to host
  6. Build a Volatility profile
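
After step 5 it is worth confirming that the transferred dump is structurally intact before analysing it. The following is an added example, not part of LiMEaide or LiME. It assumes the dump was written in LiME's `lime` format, where each memory range is preceded by a 32-byte header. The function names are illustrative and the sample dump is constructed.

```python
import io
import struct

LIME_MAGIC = 0x4C694D45             # stored little-endian, so "EMiL" on disk
HEADER = struct.Struct("<IIQQ8s")   # magic, version, s_addr, e_addr, reserved


def parse_lime_ranges(stream):
    """Walk a lime-format dump; return [(s_addr, e_addr, data_offset)].

    Raises ValueError if a header is damaged or range data is cut short.
    """
    total = stream.seek(0, io.SEEK_END)
    stream.seek(0)
    ranges = []
    while stream.tell() < total:
        pos = stream.tell()
        raw = stream.read(HEADER.size)
        if len(raw) < HEADER.size:
            raise ValueError(f"truncated header at offset {pos}")
        magic, version, s_addr, e_addr, _reserved = HEADER.unpack(raw)
        if magic != LIME_MAGIC or version != 1:
            raise ValueError(f"bad magic/version at offset {pos}")
        if e_addr < s_addr:
            raise ValueError(f"inverted range at offset {pos}")
        size = e_addr - s_addr + 1          # e_addr is inclusive
        data_offset = stream.tell()
        if data_offset + size > total:
            raise ValueError(f"range {s_addr:#x}-{e_addr:#x} is truncated")
        ranges.append((s_addr, e_addr, data_offset))
        stream.seek(data_offset + size)     # skip the raw memory contents
    return ranges


def build_sample_dump(ranges):
    """Constructed test input: zero-filled ranges, not real memory."""
    out = bytearray()
    for s_addr, e_addr in ranges:
        out += HEADER.pack(LIME_MAGIC, 1, s_addr, e_addr, b"\0" * 8)
        out += bytes(e_addr - s_addr + 1)
    return bytes(out)


if __name__ == "__main__":
    sample = build_sample_dump([(0x1000, 0x1FFF), (0x100000, 0x1007FF)])
    for s, e, off in parse_lime_ranges(io.BytesIO(sample)):
        print(f"{s:#010x}-{e:#010x} data at file offset {off}")
```

On a real acquisition, open the dump with `open(path, "rb")` and pass the file object in place of the `BytesIO` sample.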

Installation

In order to use LiMEaide you need to resolve some dependencies.

paramiko and termcolor

sudo apt-get install python3-paramiko python3-termcolor

dwarfdump

sudo apt-get install dwarfdump

LiME

  1. Download LiME v1.7.8
  2. Extract into LiMEaide/tools/
  3. Rename folder to LiME

More information and downloads

https://github.com/kd8bny/LiMEaide