Make a live memory dump to analyze it
This section explains how to make a memory dump on Windows and Linux.
Make a memory dump on Windows
With DumpIt (you can find it here):
$ DumpIt.exe
Then, you can analyse the result with Volatility.
Make a memory dump on Linux
$ git clone https://github.com/504ensicsLabs/LiME
$ cd LiME/src
$ make
$ cd ~
$ sudo insmod ./LiME/src/lime-XXX.ko path=./mem.dmp format=lime
$ ls
LiME mem.dmp
Then, you can analyse the result with Volatility. Do not forget to determine the correct profile first.
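The Linux steps above can be wrapped in a small acquisition script that also records what the analyst needs later (kernel release, host, time, SHA-256) and checks that the file actually begins with a LiME header before it is handed to Volatility. This is an added example, not code from the page or from the LiME project. It assumes LiME was built in ./LiME/src as shown above (LiME names the built module lime-<kernel release>.ko, which is what the XXX stands for), that the acquisition runs as root on the target host, and that the "EMiL" header check relies on LiME's magic value 0x4C694D45 written little-endian at the start of a format=lime dump.

```shell
#!/bin/sh
# Added example (not part of the original page or of LiME itself):
# wraps the insmod acquisition step, unloads the module afterwards,
# sanity-checks the dump header and writes a manifest beside the dump.
# Assumption: LiME was built in $LIME_SRC (default ./LiME/src).

LIME_SRC="${LIME_SRC:-./LiME/src}"

# Name of the module LiME's build produces for a given kernel release.
lime_module_name() {
    printf 'lime-%s.ko\n' "$1"
}

# A format=lime dump starts with the magic 0x4C694D45; stored
# little-endian that is the four ASCII bytes "EMiL".
# Returns 0 when the file starts with that header, 1 otherwise.
lime_header_ok() {
    [ -f "$1" ] || return 1
    [ "$(head -c 4 "$1")" = "EMiL" ]
}

# Write a manifest next to the dump so the Volatility profile can be
# matched to the exact kernel build later instead of guessed.
write_manifest() {
    dump="$1"
    manifest="$dump.manifest"
    {
        echo "host=$(hostname)"
        echo "kernel=$(uname -r)"
        echo "acquired=$(date -u +%Y-%m-%dT%H:%M:%SZ)"
        echo "sha256=$(sha256sum "$dump" | cut -d' ' -f1)"
    } > "$manifest"
    echo "$manifest"
}

# Full acquisition: load LiME with the page's path=/format= arguments,
# unload it, verify the header and record the manifest.
acquire() {
    dump="${1:-./mem.dmp}"
    module="$LIME_SRC/$(lime_module_name "$(uname -r)")"
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
    [ -f "$module" ] || { echo "$module not found; run make in $LIME_SRC" >&2; return 1; }
    insmod "$module" "path=$dump" format=lime || return 1
    # LiME writes the image during insmod; remove the module so it is
    # not left resident on the host after acquisition.
    rmmod lime
    lime_header_ok "$dump" || { echo "$dump lacks a LiME header" >&2; return 1; }
    write_manifest "$dump"
}

# On the target host (as root), run:
#   . ./acquire.sh && acquire ./mem.dmp
```

Dumping to a local file is what the page shows; if the suspect disk should stay untouched, LiME's path= can also point at a tcp port and the same header check can be run on the receiving side.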
Written on June 3, 2020