10.16. Forensics

10.16.1. Memory Forensics

  • SfAntiBotPro

  • volatility

  • Rekall Memory Forensic Framework

  • LiME: LiME (formerly DMD) is a Loadable Kernel Module (LKM) that allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android.

  • AVML: Acquire Volatile Memory for Linux