Preparing Forensic USB

USB (Ext4)

An Ext4 partition was created on the USB drive using the AOMEI application.

Install package/software

Linux Memory Grabber, Linux Memory Extractor and Volatility Framework are mostly used for memory forensic analysis. They are installed on the USB drive, which is then attached to the SIFT-Workstation.

Git repositories:
Linux Memory Grabber:
Linux Memory Extractor:
Volatility Framework:

Change to the USB drive folder, then run:
$git clone .
$git clone lime
$cd lime/src
$patch < ../../lime-Makefile.patch
$cd -
$tar xf static-dwarfdump.tgz
$git clone


Attach USB on SIFT VM and start capturing Linux RAM

$sudo ./lim
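
Before starting the capture, it helps to confirm that the USB drive really is mounted as Ext4 and has room for the memory image. The script below is an added example, not part of the original post or of any of the tools above; the 10% headroom and the mount point passed on the command line are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check before capturing RAM to the forensic USB drive.

# MemTotal in KiB, read from a meminfo-format file (default: /proc/meminfo).
mem_total_kib() {
    awk '$1 == "MemTotal:" { print $2; exit }' "${1:-/proc/meminfo}"
}

# Free space in KiB on the filesystem that holds the given path.
free_kib() {
    df -Pk "$1" | awk 'NR == 2 { print $4 }'
}

# Filesystem type of the mount that holds the given path (util-linux findmnt).
fs_type() {
    findmnt -n -o FSTYPE -T "$1"
}

# Succeeds when free space covers RAM plus headroom.
# Assumption: 10% headroom, because MemTotal under-reports physical RAM
# and the dump format adds its own headers.
enough_space() {
    ram_kib=$1
    avail_kib=$2
    need_kib=$(( ram_kib + ram_kib / 10 ))
    [ "$avail_kib" -ge "$need_kib" ]
}

preflight() {
    target=$1
    fstype=$(fs_type "$target") || return 2
    if [ "$fstype" != "ext4" ]; then
        echo "FAIL: $target is on $fstype, expected ext4" >&2
        return 1
    fi
    ram=$(mem_total_kib)
    avail=$(free_kib "$target")
    if ! enough_space "$ram" "$avail"; then
        echo "FAIL: need ~$(( (ram + ram / 10) / 1024 )) MiB, only $(( avail / 1024 )) MiB free" >&2
        return 1
    fi
    echo "OK: $target is ext4, $(( avail / 1024 )) MiB free for a $(( ram / 1024 )) MiB RAM image"
}

# Runs only when a mount point is passed, e.g. sh preflight.sh /media/usb (hypothetical path).
if [ "$#" -gt 0 ]; then
    preflight "$1"
fi
```

Run it on the machine whose RAM will be captured, with the USB mount point as the only argument; a non-zero exit status means the drive should not be used as the capture target yet.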
