Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/kost/memdump
System Memory dump
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/kost/memdump
- Owner: kost
- License: other
- Created: 2018-03-13T08:45:59.000Z (almost 7 years ago)
- Default Branch: master
- Last Pushed: 2018-03-13T09:19:31.000Z (almost 7 years ago)
- Last Synced: 2024-08-04T22:13:38.004Z (6 months ago)
- Language: C
- Size: 15.6 KB
- Stars: 10
- Watchers: 7
- Forks: 2
- Open Issues: 0
Metadata Files:
- Readme: README
- License: LICENSE
Awesome Lists containing this project
- awesome-anti-forensic - MemDump
README
memdump - memory dumper for UNIX-like systems.
What can you expect to find in a system memory dump? Bits from the
operating system, from running processes, and from every file and
directory that has been accessed recently. Depending on the operating
system you may even find some information from deleted files and
exited processes, although that information tends to be short-lived.

To dump physical memory:

    memdump | nc host port
    memdump | openssl s_client -connect host:port

For best results send output off-host over the network. Writing to
file risks clobbering all the memory in the file system cache. Use
netcat, stunnel, or openssl, depending on your requirements.

With the exception of Linux, dumping UNIX system memory is a tricky
business because /dev/mem has holes that one has to carefully skip
around in order not to read nonsense or even miss information.

See the memdump.1 manual page for detailed documentation. Be sure
to pay attention to all the warnings. It is easy to produce an
invalid result or to lock up the machine really hard.

This software was tested on Linux, Solaris, FreeBSD, OpenBSD, and
is distributed under the IBM Public License.

Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA