{"id":898,"date":"2023-09-16T09:08:00","date_gmt":"2023-09-16T09:08:00","guid":{"rendered":"https:\/\/sciencesetrecherches.eu\/?p=898"},"modified":"2023-09-16T09:08:01","modified_gmt":"2023-09-16T09:08:01","slug":"extraire-la-memoire-dun-linux","status":"publish","type":"post","link":"https:\/\/sciencesetrecherches.eu\/?p=898","title":{"rendered":"Extracting the memory of a Linux system"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\"><strong><a href=\"https:\/\/github.com\/504ensicslabs\/lime\">LiME<\/a><\/strong>, for <strong>Linux Memory Extractor<\/strong>, is a tool for taking complete captures of the (volatile) memory of another device. Ideal if you do a bit of forensics.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Acquisition is done over the network interface or directly to a medium such as an SD card. The tool loads its module into the kernel with the insmod command, which then lets you pass it the right parameters for the extraction.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Here is an example showing how to load the module into the kernel of an Android phone with adb:<\/strong><\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p class=\"wp-block-paragraph\">adb push lime.ko \/sdcard\/lime.ko<br>adb forward tcp:4444 tcp:4444<br>adb shell<br>su<br>insmod \/sdcard\/lime.ko \"path=tcp:4444 format=lime\"<\/p>\n<\/blockquote>\n\n\n\n<p class=\"wp-block-paragraph\">Then, once it is in place, just enter the following command to capture the RAM:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p class=\"wp-block-paragraph\">nc localhost 4444 &gt; ram.lime<\/p>\n<\/blockquote>\n\n\n\n<p class=\"wp-block-paragraph\">And if you want to copy the memory to an SD card rather than over the network, load the module like this instead:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p class=\"wp-block-paragraph\">insmod \/sdcard\/lime.ko \"path=\/sdcard\/ram.lime format=lime\"<\/p>\n<\/blockquote>\n\n\n\n<p class=\"wp-block-paragraph\">If you want more information on LiME, <a href=\"https:\/\/github.com\/504ensicslabs\/lime\">it is all on GitHub.<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>LiME, for Linux Memory Extractor, is a tool for taking complete captures of the (volatile) memory of another device. Ideal if you do a bit of forensics. Acquisition is done over the network interface or directly to a medium such as an SD card. The tool loads its module into the kernel with the [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":899,"comment_status":"closed","ping_status":"closed","sticky":true,"template":"","format":"standard","meta":{"_themeisle_gutenberg_block_has_review":false,"footnotes":""},"categories":[96,95],"tags":[54,98,97],"series":[],"class_list":["post-898","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-android","category-linux","tag-android","tag-extraction-memoire","tag-linux"],"_links":{"self":[{"href":"https:\/\/sciencesetrecherches.eu\/index.php?rest_route=\/wp\/v2\/posts\/898","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sciencesetrecherches.eu\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sciencesetrecherches.eu\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sciencesetrecherches.eu\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sciencesetrecherches.eu\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=898"}],"version-history":[{"count":1,"href":"https:\/\/sciencesetrecherches.eu\/index.php?rest_route=\/wp\/v2\/posts\/898\/revisions"}],"predecessor-version":[{"id":900,"href":"https:\/\/sciencesetrecherches.eu\/index.php?rest_route=\/wp\/v2\/posts\/898\/revisions\/900"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sciencesetrecherches.eu\/index.php?rest_route=\/wp\/v2\/media\/899"}],"wp:attachment":[{"href":"https:\/\/sciencesetrecherches.eu\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=898"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sciencesetrecherches.eu\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=898"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sciencesetrecherches.eu\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=898"},{"taxonomy":"series","embeddable":true,"href":"https:\/\/sciencesetrecherches.eu\/index.php?rest_route=%2Fwp%2Fv2%2Fseries&post=898"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}