10.16. Forensics
10.16.1. Memory Forensics
- SfAntiBotPro
- volatility
- Rekall Memory Forensic Framework
- LiME: LiME (formerly DMD) is a Loadable Kernel Module (LKM) that allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android.
- AVML: Acquire Volatile Memory for Linux