How to read RAM

Vineet k joshi
Sep 26, 2021


Before looking at how to read RAM, let's first understand what RAM is.

Random-access memory (RAM) is a computer’s short-term memory. None of your programs or files would work without RAM, which is your computer’s working space.

RAM is short for “random access memory”, and while it might sound mysterious, RAM is one of the most fundamental elements of computing. It is the super-fast, temporary storage space for data that a computer needs to access right now or in the next few moments.

How to read RAM Data?

We can read RAM data using the LiME extractor. LiME is a Loadable Kernel Module (LKM) that allows volatile memory acquisition from Linux and Linux-based devices, such as Android. This makes LiME unique, as it is the first tool that allows full memory captures on Android devices.

There is a procedure for reading RAM data, so let's begin:

1. First, install the resources and dependencies required for reading RAM. We can use the yum or dnf command to install them.

yum install kernel-devel kernel-headers

2. Next, clone the git repository with the git clone command.

git clone https://github.com/504ensicsLabs/LiME.git

3. Then navigate to the source directory. The source code is in the LiME/src directory.

cd LiME/src

4. Now compile the code with the make command, which gives us a loadable kernel object file.

make

5. After compilation we obtain the kernel object, which is the file with the .ko extension.

6. Now we have to put some data into RAM so that we can identify it later using LiME on our system.

7. Now we have to insert the kernel object created by compiling the source code.

insmod ./lime-4.18.0-305.el8.x86_64.ko "path=./ramdata.mem format=raw"

This command inserts the kernel object and dumps the data present in RAM to the path we gave, “./ramdata.mem”. The entire contents of our system’s RAM are now in the ramdata.mem file.

8. Now we use the cat command, pass the stored data through strings, and use grep to find the specified string.

cat ramdata.mem | strings | grep "x=5"

We cat ramdata.mem and pipe it to strings because RAM holds data in binary and other encodings; strings extracts the printable character sequences from it, and then we can grep for the variable name.

We have now verified that the variable and its value are stored in RAM.
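The search in step 8 can also be done in Python when you want the offset of each hit and the string around it. This is an added example, not code from the original post or from the LiME project: it memory-maps the dump instead of loading it, and it also looks for the UTF-16LE form of the marker, which a plain strings run does not report. The names find_marker and write_sample_image are hypothetical, and the sample image is constructed so the script runs without a real capture.

```python
import mmap
import os
import tempfile

def _grow(mem, start, end, step, limit):
    """Extend [start, end) over adjacent printable characters (what strings would print)."""
    def ok(i):  # step 1: ASCII byte; step 2: UTF-16LE unit with a zero high byte
        return 0x20 <= mem[i] <= 0x7E and (step == 1 or mem[i + 1] == 0)
    lo, hi = max(0, start - limit * step), min(len(mem), end + limit * step)
    while start - step >= lo and ok(start - step):
        start -= step
    while end + step <= hi and ok(end):
        end += step
    return mem[start:end].decode("ascii" if step == 1 else "utf-16-le")

def find_marker(image_path, marker, limit=64):
    """Return sorted (offset, encoding, surrounding string) hits for an ASCII marker."""
    hits = []
    # mmap lets the OS page the image in on demand, so a multi-GB dump is fine
    with open(image_path, "rb") as f, \
            mmap.mmap(f.fileno(), 0, access=mmap.ACCESS_READ) as mem:
        for enc, step in (("ascii", 1), ("utf-16-le", 2)):
            needle = marker.encode(enc)
            pos = mem.find(needle)
            while pos != -1:
                hits.append((pos, enc, _grow(mem, pos, pos + len(needle), step, limit)))
                pos = mem.find(needle, pos + 1)
    return sorted(hits)

def write_sample_image(path):
    """Constructed stand-in for ramdata.mem: binary noise around two copies of x=5."""
    data = (b"\x00" * 16 + b"\x7fELF\x02\x01\x00\x00" + b">>> x=5\n\x00\xff"
            + "x=5".encode("utf-16-le") + b"\x00\x00\xfe")
    with open(path, "wb") as f:
        f.write(data)

if __name__ == "__main__":
    sample = os.path.join(tempfile.mkdtemp(), "ramdata.mem")
    write_sample_image(sample)
    for offset, enc, text in find_marker(sample, "x=5"):
        print(f"0x{offset:08x} {enc:9} {text!r}")
```

To search a real capture, call find_marker("ramdata.mem", "x=5"); the offsets it reports are positions within the dump file.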
