Re: [Vol-users] coldboot - usb, iso or distro - using LiME
Filipe Bernardo
5 Jun
2013
5 Jun
'13
9:53 a.m.
Hi Andrew, thanks for your reply.
Yea, i know that most of distros will load up a big chunk of mem.
Right now i'm using a ubuntu minimal - iso, it starts and it uses 36MB
aprox, then using the LiME module.
I'm trying to trim this footprint down...
Another tool that should be good to do this (problably the best) is the
scraper.bin that the "princeton research" guys did.
Has anyone ever used this to dump mem and then use volatility?
Thanks
On Wed, Jun 5, 2013 at 2:44 PM, Andrew Case <atcuno(a)gmail.com> wrote:
booting to a real linux distro is still going to use
quite a bit of
RAM and most of it in the first GB of physical memory, which is not
what you want. I believe there was DOS based live CD OS that was used
during the cold boot reseasrch or by some group replicating it. This
would be much more useful if you could find it.
On Tue, Jun 4, 2013 at 9:04 AM, Filipe Bernardo <filipesam(a)gmail.com>
wrote:
Hello all,
First congrats on a great tool :)
I'm looking for some iso/distro to be able to do some "coldboot" testing,
and i was thinking on using LiME module.
Does anyone have done anything related to this, like a really small
kernel
booting to usb, and dump the mem?
What do you guys use to do memory dumps? (on "real" systems not vm's ?)
Thanks
_______________________________________________
Vol-users mailing list
Vol-users(a)volatilityfoundation.org
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users
Attachments:
- attachment.html (text/html — 2.3 KB)