10.16. Forensics

10.16.1. Memory Forensics

  • SfAntiBotPro

  • volatility

  • Rekall Memory Forensic Framework

  • LiME - LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android.

  • AVML - Acquire Volatile Memory for Linux