Forensics
========================================

Memory Forensics
----------------------------------------
- `SfAntiBotPro <http://edr.sangfor.com.cn/tool/SfabAntiBot_X64.7z>`_
- `volatility <https://github.com/volatilityfoundation/volatility>`_ Memory analysis framework (Volatility 2; Volatility 3 is developed in a separate repository)
- `Rekall <https://github.com/google/rekall>`_ Memory Forensic Framework (no longer actively maintained)
- `LiME <https://github.com/504ensicsLabs/LiME>`_ LiME (formerly DMD) is a Loadable Kernel Module (LKM) which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android.
- `AVML <https://github.com/microsoft/avml>`_ Acquire Volatile Memory for Linux; a userland acquisition tool that writes the LiME format by default, so it needs no kernel module and its output is consumed by the same analysis tools
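LiME and AVML both write the LiME image format, and Volatility reads it. Before spending hours on analysis it is worth checking that an acquired image is intact: every range header present, ranges in order and non-overlapping, and no truncation (a dump cut short by a full disk or a killed process still "opens"). The following is an added example, not code from any of the projects listed above. It assumes the LiME on-disk layout as defined in the LiME header struct: a 32-byte little-endian header before each physical RAM range (u32 magic 0x4C694D45, u32 version 1, u64 start address, u64 inclusive end address, 8 reserved bytes), followed by the raw bytes of that range. The sample image is constructed inline so the script runs offline; point `parse_lime` at a real file's contents to check a genuine dump.

```python
"""Validate a LiME-format memory image and map physical addresses to file offsets.

Added example (not part of the listed projects). Assumed layout, taken from the
LiME header definition: 32-byte little-endian header per physical RAM range:
u32 magic 0x4C694D45, u32 version (1), u64 start, u64 end (inclusive),
8 reserved zero bytes, then the raw memory of that range.
"""
import struct
from dataclasses import dataclass
from typing import List, Optional

LIME_MAGIC = 0x4C694D45                 # reads as "EMiL" in little-endian byte order
LIME_HEADER = struct.Struct("<IIQQ8s")  # 32 bytes


@dataclass
class Segment:
    start: int        # first physical address covered by this range
    end: int          # last physical address covered (inclusive)
    file_offset: int  # offset of the first data byte of this range in the image

    @property
    def size(self) -> int:
        return self.end - self.start + 1


def parse_lime(data: bytes) -> List[Segment]:
    """Walk the image header by header, validating each one, and return the ranges."""
    segments: List[Segment] = []
    off = 0
    while off < len(data):
        if len(data) - off < LIME_HEADER.size:
            raise ValueError(f"truncated header at offset {off}")
        magic, version, start, end, reserved = LIME_HEADER.unpack_from(data, off)
        if magic != LIME_MAGIC:
            raise ValueError(f"bad magic 0x{magic:08x} at offset {off}")
        if version != 1:
            raise ValueError(f"unsupported LiME header version {version}")
        if end < start:
            raise ValueError(f"range end 0x{end:x} precedes start 0x{start:x}")
        if any(reserved):
            raise ValueError(f"non-zero reserved bytes at offset {off}")
        if segments and start <= segments[-1].end:
            raise ValueError("ranges are not in increasing, non-overlapping order")
        seg = Segment(start, end, off + LIME_HEADER.size)
        if seg.file_offset + seg.size > len(data):
            raise ValueError(f"range 0x{start:x}-0x{end:x} extends past end of file (truncated dump?)")
        segments.append(seg)
        off = seg.file_offset + seg.size
    if not segments:
        raise ValueError("no LiME segments found")
    return segments


def phys_to_offset(segments: List[Segment], paddr: int) -> Optional[int]:
    """Return the file offset holding physical address paddr, or None if it falls in a hole."""
    for seg in segments:
        if seg.start <= paddr <= seg.end:
            return seg.file_offset + (paddr - seg.start)
    return None


def build_sample_image() -> bytes:
    """Constructed test image with two ranges: 0x1000-0x1fff and 0x100000-0x1000ff."""
    def rng(start: int, end: int, fill: int) -> bytes:
        hdr = LIME_HEADER.pack(LIME_MAGIC, 1, start, end, b"\0" * 8)
        return hdr + bytes([fill]) * (end - start + 1)
    return rng(0x1000, 0x1FFF, 0xAA) + rng(0x100000, 0x1000FF, 0xBB)


if __name__ == "__main__":
    image = build_sample_image()
    for s in parse_lime(image):
        print(f"0x{s.start:x}-0x{s.end:x} ({s.size} bytes) at file offset {s.file_offset}")
    print("0x100005 ->", phys_to_offset(parse_lime(image), 0x100005))
```

The gaps between ranges are real: physical memory is not contiguous, and a LiME image records only the RAM ranges the kernel exposed, so a physical address that maps to `None` is a hole in the address map, not an error in the image. A truncated final range is the failure mode to watch for after acquisition to a nearly full disk; the parser reports it as a `ValueError` rather than silently returning the ranges it could read.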