I made an inconsistent edit--for clarity, it should be:
sourcehost# insmod lime-2.6.24-16-server.ko "path=tcp:4444 format=lime"
desthost$ nc sourcehost 4444 >mem.lime
--
bk
On Feb 18, 2013, at 6:00 PM, Brian Keefer wrote:
Yes, LiME will open a listening port on the machine you're dumping memory from.
You need to allow that port through iptables (if it's active).
You run netcat on the machine you want to copy the memory image TO (so you don't use
nc -l, because it's making an outbound connection).
Restating what Sebastien said:
sourcehost# insmod lime-2.6.24-16-server.ko "path=tcp:4444 format=lime"
desthost$ nc targethost 4444 >mem.lime
When the BSidesSF videos from this year are online (haven't been recorded yet), there
will be a video of this process.
--
bk
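
Added example (not part of the original messages, and not LiME project code): a check that the mem.lime received over netcat is complete, by walking the range headers that format=lime writes. It assumes the 32-byte little-endian LiME header (magic 0x4C694D45, version 1, inclusive start and end addresses, 8 reserved bytes); walk_lime and build_sample are names made up for this sketch, and the sample image is constructed.

```python
import io
import struct
import sys

LIME_MAGIC = 0x4C694D45                   # bytes "EMiL" on disk (little-endian)
HEADER = struct.Struct("<IIQQ8s")         # magic, version, s_addr, e_addr, reserved

def walk_lime(stream):
    """Return [(start, end, size)] for each range; ValueError if bad or truncated."""
    ranges, offset = [], 0
    while True:
        raw = stream.read(HEADER.size)
        if not raw:
            break                          # clean EOF on a header boundary
        if len(raw) < HEADER.size:
            raise ValueError(f"truncated header at offset {offset}")
        magic, version, start, end, _ = HEADER.unpack(raw)
        if magic != LIME_MAGIC or version != 1:
            raise ValueError(f"bad header at offset {offset}")
        if end < start:
            raise ValueError(f"inverted range at offset {offset}")
        size = end - start + 1             # e_addr is inclusive
        remaining = size
        while remaining:                   # consume the payload in 1 MiB chunks
            chunk = stream.read(min(remaining, 1 << 20))
            if not chunk:
                raise ValueError(f"range {start:#x} short by {remaining} bytes")
            remaining -= len(chunk)
        offset += HEADER.size + size
        ranges.append((start, end, size))
    if not ranges:
        raise ValueError("no LiME ranges found")
    return ranges

def build_sample():
    """Constructed two-range image, for demonstration only."""
    out = b""
    for start, size in ((0x1000, 0x1000), (0x100000, 0x200)):
        out += HEADER.pack(LIME_MAGIC, 1, start, start + size - 1, b"\0" * 8)
        out += b"\xaa" * size
    return out

if __name__ == "__main__":
    # Pass the path to mem.lime; with no argument the constructed sample is used.
    src = open(sys.argv[1], "rb") if len(sys.argv) > 1 else io.BytesIO(build_sample())
    for start, end, size in walk_lime(src):
        print(f"{start:#014x}-{end:#014x}  {size} bytes")
```

A ValueError here means the transfer was cut short or the file is not a format=lime image, so the dump should be retaken before analysis.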