Here is a guide on how to remotely dump Linux RAM with LiMEaide, a Python application designed to remotely dump the RAM of a Linux client and create a Volatility profile for later analysis on your forensic workstation.
The process includes six steps:
- Make a remote connection with the specified client over SSH
- Transfer the necessary build files to the remote machine
- Build the memory-scraping Loadable Kernel Module (LKM) LiME
- The LKM dumps RAM
- Transfer RAM dump and RAM maps back to host
- Build a Volatility profile
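
Once the dump has been transferred back to the host, it is worth confirming that the copy is complete before analysing it. The following is an added example, not code from LiMEaide or LiME: it assumes the dump was written in LiME's `lime` format (a 32-byte header in front of each physical memory range), and the function names and the sample bytes are constructed for illustration.

```python
import io
import struct

LIME_MAGIC = 0x4C694D45              # stored little-endian, so the file starts with b"EMiL"
HEADER = struct.Struct("<IIQQ8s")    # magic, version, s_addr, e_addr, reserved (32 bytes)


def walk_lime_ranges(stream):
    """Return [(phys_start, phys_end, data_offset)] or raise ValueError if damaged."""
    total = stream.seek(0, io.SEEK_END)
    stream.seek(0)
    ranges = []
    while stream.tell() < total:
        offset = stream.tell()
        raw = stream.read(HEADER.size)
        if len(raw) < HEADER.size:
            raise ValueError(f"truncated header at offset {offset}")
        magic, version, start, end, _reserved = HEADER.unpack(raw)
        if magic != LIME_MAGIC or version != 1:
            raise ValueError(f"bad magic/version at offset {offset}")
        if end < start:
            raise ValueError(f"inverted range at offset {offset}")
        size = end - start + 1           # e_addr is inclusive
        data_offset = stream.tell()
        if data_offset + size > total:
            raise ValueError(f"range {start:#x}-{end:#x} is cut short")
        ranges.append((start, end, data_offset))
        stream.seek(data_offset + size)  # skip the memory contents
    return ranges


def build_sample_dump():
    """Constructed two-range dump (not real memory) for the demo below."""
    out = b""
    for start, size in ((0x1000, 16), (0x100000, 32)):
        out += HEADER.pack(LIME_MAGIC, 1, start, start + size - 1, b"\0" * 8)
        out += b"\xAA" * size
    return out


if __name__ == "__main__":
    dump = build_sample_dump()
    for start, end, off in walk_lime_ranges(io.BytesIO(dump)):
        print(f"{start:#010x}-{end:#010x} data at file offset {off}")
    try:
        walk_lime_ranges(io.BytesIO(dump[:-5]))
    except ValueError as err:
        print("truncated copy rejected:", err)
```

For a real dump, open the file in binary mode and pass the file object to `walk_lime_ranges`; a `ValueError` means the transfer or the acquisition was incomplete.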