[Vol-users] coldboot - usb, iso or distro - using LiME

Filipe Bernardo filipesam at gmail.com
Wed Jun 5 08:53:25 CDT 2013


Hi Andrew, thanks for your reply.

Yea, i know that most of distros will load up a big chunk of mem.
Right now i'm using a ubuntu minimal - iso, it starts and it uses 36MB
aprox, then using the LiME module.
I'm trying to trim this footprint down...

Another tool that should be good to do this (problably the best) is the
scraper.bin that the "princeton research" guys did.
Has anyone ever used this to dump mem and then use volatility?

Thanks


On Wed, Jun 5, 2013 at 2:44 PM, Andrew Case <atcuno at gmail.com> wrote:

> booting to a real linux distro is still going to use quite a bit of
> RAM and most of it in the first GB of physical memory, which is not
> what you want. I believe there was DOS based live CD OS that was used
> during the cold boot reseasrch or by some group replicating it. This
> would be much more useful if you could find it.
>
> On Tue, Jun 4, 2013 at 9:04 AM, Filipe Bernardo <filipesam at gmail.com>
> wrote:
> > Hello all,
> > First congrats on a great tool :)
> >
> > I'm looking for some iso/distro to be able to do some "coldboot" testing,
> > and i was thinking on using LiME module.
> >
> > Does anyone have done anything related to this, like a really small
> kernel
> > booting to usb, and dump the mem?
> >
> > What do you guys use to do memory dumps? (on "real" systems not vm's ?)
> >
> > Thanks
> >
> >
> > _______________________________________________
> > Vol-users mailing list
> > Vol-users at volatilityfoundation.org
> > http://lists.volatilityfoundation.org/mailman/listinfo/vol-users
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.volatilityfoundation.org/pipermail/vol-users/attachments/20130605/c0bad183/attachment.html


More information about the Vol-users mailing list