Preparing Forensic USB

USB (Ext4)

Created an Ext4 partition on the USB drive using the AOMEI partition tool.

Install package/software

Linux Memory Grabber (lmg), Linux Memory Extractor (LiME) and the Volatility Framework are the tools most commonly used for memory forensic analysis. They are installed onto the USB drive, which is then attached to the SIFT Workstation.

Git repositories:
Linux Memory Grabber: https://github.com/halpomeranz/lmg.git
Linux Memory Extractor: https://github.com/504ensicsLabs/LiME.git
Volatility Framework: https://github.com/volatilityfoundation/volatility.git

Move to the USB drive folder, then:
$ git clone https://github.com/halpomeranz/lmg.git .
$ git clone https://github.com/504ensicsLabs/LiME.git lime
$ cd lime/src
$ patch < ../../lime-Makefile.patch
$ cd -
$ tar xf static-dwarfdump.tgz
$ git clone https://github.com/volatilityfoundation/volatility.git

CAPTURING LINUX RAM

Attach the USB drive to the SIFT VM and start capturing Linux RAM with the lmg script:

$ sudo ./lmg
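Before the USB leaves the lab, it is worth confirming that the layout produced by the steps above is actually complete, and once a capture has been taken, recording its hash so the image can later be shown to be unchanged. The script below is an added example written for this page, not code from the original post or from the lmg, LiME or Volatility projects. It assumes the USB is mounted at the directory passed to `check_usb`, that it was populated exactly as above (the `lmg` script in the root, patched LiME sources under `lime/src/`, and `volatility/vol.py`), and that the capture file passed to `hash_capture` is whatever the capture run wrote; the `make_fake_usb` fixture builds a constructed stand-in for the real drive so the checks can be run offline.

```shell
#!/bin/sh
# Added example (not from the original post or the lmg/LiME/Volatility
# projects): a pre-flight check for the forensic USB plus a hashing helper
# for the resulting memory image.
#
# Assumptions (labelled): the USB is mounted at the directory given as $1 and
# holds the lmg script, lime/src/Makefile and volatility/vol.py, as produced by
# the clone steps in the post. The capture file name is supplied by the caller.

# Return 0 if every expected tool is present on the USB, 1 otherwise.
# Each missing item is reported on stderr so the kit can be repaired
# before it is carried to a live system.
check_usb() {
    usb="$1"
    rc=0
    for path in lmg lime/src/Makefile volatility/vol.py; do
        if [ ! -e "$usb/$path" ]; then
            echo "missing: $usb/$path" >&2
            rc=1
        fi
    done
    # lmg is invoked directly (sudo ./lmg), so it must be executable.
    if [ -e "$usb/lmg" ] && [ ! -x "$usb/lmg" ]; then
        echo "not executable: $usb/lmg" >&2
        rc=1
    fi
    return $rc
}

# Print the SHA-256 of a capture file so it can be entered in the case notes
# at acquisition time. Uses sha256sum where present, else shasum (macOS/BSD).
hash_capture() {
    f="$1"
    if [ ! -f "$f" ]; then
        echo "no such file: $f" >&2
        return 1
    fi
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$f" | cut -d' ' -f1
    else
        shasum -a 256 "$f" | cut -d' ' -f1
    fi
}

# Build a throw-away directory laid out like the USB. This is a constructed
# fixture (placeholder files, not real tools) so the checks run offline.
make_fake_usb() {
    d=$(mktemp -d)
    mkdir -p "$d/lime/src" "$d/volatility"
    printf '#!/bin/sh\necho lmg placeholder\n' > "$d/lmg"
    chmod +x "$d/lmg"
    : > "$d/lime/src/Makefile"
    : > "$d/volatility/vol.py"
    echo "$d"
}

# Usage against a real drive (directory is an assumed mount point):
#   check_usb /media/forensic-usb && echo "kit complete"
#   hash_capture /media/forensic-usb/capture/<image>.lime
```

`check_usb` deliberately keeps reporting after the first failure so one run lists everything that is wrong with the kit; `hash_capture` prints only the digest, which makes it easy to pipe into a manifest alongside the file name and timestamp.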
