USB (Ext4)
Created an Ext4 partition on the USB drive using the AOMEI application.
Install package/software
Linux Memory Grabber, Linux Memory Extractor and Volatility Framework are mostly used for memory forensic analysis. They will be installed on the USB drive, which is then attached to the SIFT Workstation.
Git repositories:
Linux Memory Grabber: https://github.com/halpomeranz/lmg.git
Linux Memory Extractor: https://github.com/504ensicsLabs/LiME.git
Volatility Framework: https://github.com/volatilityfoundation/volatility.git
Move to the USB drive folder, then:
$git clone https://github.com/halpomeranz/lmg.git .
$git clone https://github.com/504ensicsLabs/LiME.git lime
$cd lime/src
$patch < ../../lime-Makefile.patch
$cd -
$tar xf static-dwarfdump.tgz
$git clone https://github.com/volatilityfoundation/volatility.git
CAPTURING LINUX RAM
Attach the USB drive to the SIFT VM and start capturing Linux RAM:
$sudo ./lim