Digital Forensic Scientist

less than 1 minute read

Memory foreniscs in Linux is not very easy. The reason is because the Linux kernel changes data structures and debug symbols often. Users can also easily modify and compile their own custom kernels. If we want to analize Linux memory using Volatility, we have to find or create linux profiles for the version of Linux that we are trying to analize. Linux profile creation for Volatility is not that difficult. The documentation claims that Volatility will support profile sharing in the future, which should make Linux support much easier.

For now, we still have to make our own profiles. Please see the video below for details. We used LiME for Linux memory acquisition.

You may also enjoy

iLEAPP and RLEAPP updates and dev thoughts

Alex (@kviddy) has been pushing some extremely useful updates to the open-source Android forensic tool - [ALEAPP](https://github.com/abrignoni/ALEAPP]. Speci...

What data can you find in RAM?

To determine if you need to collect Random Access Memory on-scene, it is useful to know what kinda of investigation-relevant data is often available in RAM.

Modular artifact scripts coming to iLEAPP

kviddy has been pushing some great core updates to ALEAPP. Specifically, artifact scripts are now self-contained. This means that script authors no longer ne...