{"id":492,"date":"2023-03-14T22:10:51","date_gmt":"2023-03-14T22:10:51","guid":{"rendered":"https:\/\/peterklemperer.com\/blog\/?p=492"},"modified":"2023-03-14T22:10:54","modified_gmt":"2023-03-14T22:10:54","slug":"memory-forensics-with-lime","status":"publish","type":"post","link":"https:\/\/peterklemperer.com\/blog\/2023\/03\/14\/memory-forensics-with-lime\/","title":{"rendered":"Memory Forensics with LiMe"},"content":{"rendered":"\n

Installing LiMe on a Kali Linux UTM virtual machine on an M1 Mac.<\/p>\n\n\n\n

In your Kali Linux Virtual Machine, enter the following on the command line:<\/p>\n\n\n\n

$ sudo nano \/etc\/apt\/sources.list<\/p>\n\n\n\n

Uncomment the deb-src line.<\/p>\n\n\n\n

$ sudo apt update -y
$ sudo apt upgrade -y
$ sudo apt dist-upgrade<\/p>\n\n\n\n

Reboot the Kali virtual machine.<\/p>\n\n\n\n

$ sudo apt-get install linux-headers-$(uname -r)
$ git clone https:\/\/github.com\/504ensicsLabs\/LiME.git<\/a>
$ cd LiME\/src\/
$ make
$ sudo insmod .\/lime-6.1.0-kali5-arm64.ko \u201cpath=..\/..\/kali-arm64.mem format=lime\u201d
$ sudo rmmod lime<\/p>\n\n\n\n

Your memory image is now the file kali-arm64.mem, wherever you installed lime.<\/p>\n","protected":false},"excerpt":{"rendered":"

Installing LiMe on a Kali Linux UTM virtual machine on an M1 Mac. In your Kali Linux Virtual Machine, enter the following on the command line: $ sudo nano \/etc\/apt\/sources.list Uncomment the deb-src line. $ sudo apt update -y$ sudo … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[1],"tags":[],"class_list":["post-492","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p1VqWo-7W","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/peterklemperer.com\/blog\/wp-json\/wp\/v2\/posts\/492","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/peterklemperer.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/peterklemperer.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/peterklemperer.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/peterklemperer.com\/blog\/wp-json\/wp\/v2\/comments?post=492"}],"version-history":[{"count":0,"href":"https:\/\/peterklemperer.com\/blog\/wp-json\/wp\/v2\/posts\/492\/revisions"}],"wp:attachment":[{"href":"https:\/\/peterklemperer.com\/blog\/wp-json\/wp\/v2\/media?parent=492"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/peterklemperer.com\/blog\/wp-json\/wp\/v2\/categories?post=492"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/peterklemperer.com\/blog\/wp-json\/wp\/v2\/tags?post=492"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}