How To Read Your RAM Data?
In a moment of code initialization, a question stirred within me — was my variable truly initialized? This curiosity led me on a quest to unlock the secrets of reading RAM. Delving into its history, organization, and real-world applications, I unraveled the wonders of computer memory. Empowered, I explored technical specs to optimize performance. This journey was an invitation to all curious minds to embark on an enthralling adventure into the heart of modern computing.
What is RAM and what data does it contain?
RAM, short for Random Access Memory, is a type of computer main memory that allows the central processing unit (CPU) to directly access specific contents in a very short time, regardless of their location. It holds data temporarily while the computer is running, such as open applications, documents, and program files, for quick and efficient access during active use.
To read RAM data on a Linux-based OS, one method is to dump the entire contents of RAM to disk and then read the data from the disk. This can be done with tools like LiME (Linux Memory Extractor), which acquires memory and dumps it to a file. The dump can then be analysed, and valuable information extracted from it, with open-source memory forensics tools like Volatility.
For other operating systems like Windows or macOS, similar methods can be used, such as specialised memory imaging tools or third-party software that allows memory dumping and analysis. Each operating system has its own set of tools and techniques for reading RAM data for forensic or analysis purposes.
Always be cautious when working with memory dumps: they contain sensitive and critical system data, and handling them incorrectly may lead to system corruption or loss of valuable information.
Tools required for dumping RAM data to disk:
Linux-based OS
- LiME
macOS
- MACMemoryReader
Windows OS
- FTK Imager
These are the best-known ones.
Let’s come to the main point: how to read the RAM.
LiME ~ Linux Memory Extractor
A Loadable Kernel Module (LKM) which allows for volatile memory acquisition from Linux and Linux-based devices, such as Android. This makes LiME unique as it is the first tool that allows for full memory captures on Android devices. It also minimizes its interaction between user and kernel space processes during acquisition, which allows it to produce memory captures that are more forensically sound than those of other tools designed for Linux memory acquisition.
GitHub repo link: https://github.com/mdshamsfiroz/LiME.git
We can simply download the source code and compile it to binary files with make.
Note that I will be compiling the source code on my own OS.
You can use an AWS EC2 instance with the Amazon Linux 2 AMI to perform RAM acquisition, or any other OS, but here I have performed the steps using RHEL.
First of all, we will configure our yum repository. If you do not know how, go through any blog or video source.
Secondly,
we have to use the root account to perform the task.
We will also need to install kernel-devel and the kernel headers to do RAM acquisition.
I had installed them earlier, so it shows like that. In your case it will be different.
Thirdly,
we will install git to download the source code of the LiME tool:
yum install git
Next, we will clone the repository to download it:
git clone https://github.com/mdshamsfiroz/LiME.git
Now navigate to the src directory of LiME.
We have to install make and gcc to compile the code:
yum install make
yum install gcc
In another terminal, we will initialise our variable.
Now we will run the make command,
then we will use modinfo on the resulting kernel module,
then
the insmod command will insert the kernel object and it will dump the RAM data to the path we specified. There are different formats for the memory file; here I am using the raw format.
(ignore the rmmod lime command)
We can cat myram.data and pipe it to strings, because RAM holds data in binary and other encodings; strings extracts the printable sequences, and then we can grep for the variable name.
Here grep is used to find the specific data within the large amount of available output.
Here you can clearly see name=”We love our nature”
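Below is an added example, not part of the original post, that reproduces the final strings-and-grep step in Python so the mechanics are visible: it builds a constructed raw dump in memory (with a NUL-terminated name="We love our nature" embedded among binary noise), extracts printable runs the way strings does, and also scans a dump file on disk chunk by chunk, since a real image is as large as installed RAM. It does not load the kernel module; LiME itself is loaded with path= and format= parameters (for example insmod lime.ko "path=/root/myram.data format=raw", where the module file name and dump path are assumptions here). Every byte string in the block is constructed sample data.

```python
"""Added example (not from the original post): a pure-Python stand-in for
`cat myram.data | strings | grep name=`, run over a constructed raw dump."""
import os
import re
import tempfile

# Constructed sample dump: binary noise, a run of zero pages, an environment-style
# string, and the initialised variable as a C-style NUL-terminated string.
FAKE_VARIABLE = b'name="We love our nature"\x00'
SAMPLE_DUMP = (
    bytes(range(256)) * 4            # every byte value, printable and not
    + b"\x00" * 512                  # zeroed memory
    + b"PATH=/usr/bin\x00"           # another plausible in-memory string
    + FAKE_VARIABLE                  # starts at offset 1550
    + b"\x7f\x01\x02" * 64           # trailing non-printable bytes
)

PRINTABLE = set(range(0x20, 0x7F))   # same notion of "printable" as strings(1)


def extract_strings(data: bytes, min_len: int = 4):
    """Yield runs of printable ASCII at least min_len bytes long (what `strings` prints)."""
    run = bytearray()
    for b in data:
        if b in PRINTABLE:
            run.append(b)
        else:
            if len(run) >= min_len:
                yield run.decode("ascii")
            run.clear()
    if len(run) >= min_len:
        yield run.decode("ascii")


def grep_strings(data: bytes, pattern: str, min_len: int = 4):
    """The grep half of the pipeline: return extracted strings matching the regex."""
    rx = re.compile(pattern)
    return [s for s in extract_strings(data, min_len) if rx.search(s)]


def scan_dump_file(path: str, pattern: str, chunk_size: int = 1 << 20, min_len: int = 4):
    """Scan a dump on disk in chunks so a multi-GiB image never has to fit in memory.
    Any printable run at the end of a chunk is carried over to the next chunk, so a
    string that straddles a chunk boundary is still recovered whole."""
    rx = re.compile(pattern)
    hits = []
    carry = b""
    with open(path, "rb") as f:
        while True:
            chunk = f.read(chunk_size)
            if not chunk:
                break
            buf = carry + chunk
            cut = len(buf)
            while cut > 0 and buf[cut - 1] in PRINTABLE:
                cut -= 1
            # buf[:cut] ends on a non-printable byte, so every string in it is complete
            hits.extend(s for s in extract_strings(buf[:cut], min_len) if rx.search(s))
            carry = buf[cut:]
    hits.extend(s for s in extract_strings(carry, min_len) if rx.search(s))
    return hits


def demo(chunk_size: int = 1560):
    """Write the constructed dump to a temp file and scan it with a chunk size chosen
    so the boundary at byte 1560 falls inside the variable's string."""
    tmp = tempfile.NamedTemporaryFile(delete=False)
    try:
        tmp.write(SAMPLE_DUMP)
        tmp.close()
        return scan_dump_file(tmp.name, r'^name="', chunk_size=chunk_size)
    finally:
        os.remove(tmp.name)


if __name__ == "__main__":
    print(grep_strings(SAMPLE_DUMP, r'^name='))   # in-memory pipeline
    print(demo())                                  # chunked scan of the file on disk
```

The chunk carry-over in scan_dump_file is the detail that a naive "read a block, run strings on it" loop gets wrong: the variable in the sample is deliberately placed across the 1560-byte boundary, and it still comes back intact. The same recoverability is the security point: anything a process keeps in plain text in RAM, from this harmless variable to credentials and keys, is exactly this easy to pull out of a dump, so a dump needs the same handling as the secrets it contains.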
Thank you @Vimal Daga Sir And Linux World for resources to learn.
Reference:-https://youtu.be/SNDVntZkGM0
So, whether you’re a tech enthusiast, a professional, or just someone who wants to learn more, I invite you to follow me on this journey. Subscribe to my blog and follow me on social media to stay in the loop and never miss a post.
Together, let’s explore the exciting world of technology and all that it has to offer. I can’t wait to connect with you!