How do we read a RAM ?

This blog is to read RAM from stored memory

Generally we know, RAM is short for “random access memory” and while it might sound mysterious, RAM is one of the most fundamental elements of computing. RAM is the super-fast and temporary data storage space that a computer needs to access right now or in the next few moments. Random access memory (RAM) is a computer’s short-term memory, which it uses to handle all active tasks and apps. None of your programs, files, games, or streams would work without RAM. Here, we’ll explain exactly what RAM is, what RAM means, and why it’s so important. Then, learn how to lighten the load on your computer’s RAM with a specialized performance booster.

‘Random Access Memory (RAM)’ is a volatile memory. The read and write operations on RAM are faster than the hard disk and solid-state drive. That’s why the computers, tablets, mobiles, and other electronic systems used RAM for high-speed data access. When we are working on a document in our computer systems, the document is kept in RAM, and when the computer is turned off, the random access memory automatically loses its documents. If we want to save our documents from erasing, then we should save our files and documents in non-volatile memory, such as hard disks, optical disks, and removable disks. The types of volatile memory require continuous electric power for the proper processing of computer operations. Volatile memory is categorized into two different types of RAM: Static RAM, Dynamic RAM

Now we read RAM from LINUX operating system

why is it so important to read a RAM?

The amount of RAM your computer has can affect the speed and performance of the computer. When a computer runs a program, the microprocessor loads the executable file from the program into the computer’s RAM. Some programs contain a large amount of data that needs to be loaded onto the RAM in order to properly function. If there is not enough space in the memory, this can cause the computer to run slowly. The computer’s operating system needs a sufficient amount of memory to keep the computer running. In addition to the operating system, many users will operate multiple programs at once, such as a Web browser, an email program, and a word processing program. Each of this programs will take up part of the computer’s memory. The more RAM a computer has, the more efficiently the programs can run.

ram consists of?

I/O interface

MEMORY DUMP TOOLS IN LINUX:

LiME-Lime is a Loadable Kernel Module (LKM) which allows for volatile memory acquisition from Linux and Linux-based devices, such as Android. This makes LiME unique as it is the first tool that allows for full memory captures on Android devices. It also minimises its interaction between user and kernel space processes during acquisition

Linux Memory Grabber-A script for dumping Linux memory and creating Volatility(TM) profiles. To analyze Linux memory, you first need to be able to capture Linux memory. AVML works great, but if your system doesn’t have /proc/kcore or /dev/crash then you will need Joe Sylve’s Linux Memory Extractor (LiME). But you need to have a LiME module compiled for the kernel of the system where you want to grab RAM.

fmem- a kernel module that creates device /dev/fmem, similar to /dev/mem but without limitations. This device (physical RAM) can be copied using dd or other tools.

How does it work external? LiMEaide is a python application designed to remotely or locally dump RAM of a Linux client and create a volatility profile for later analysis on your local host. I hope that this will simplify Linux digital forensics in a remote environment. In order to use LiMEaide all you need to do is feed a remote Linux client IP address, sit back, and consume your favorite caffeinated beverage.

Install kernel headers to do RAM acquisition

# yum install kernel-devel kernel- headers -y
kernel-devel kernel- headers

Install git package

# yum install git
git

Now we have to clone the GitHub repo of LiME

# git clone https://github.com/504ensicsLabs/LiME.git
https://github.com/504ensicsLabs/LiME.git

Now we can compile the source code of LiME

# cd LiME/src
LiME/src

Install the package “make”

# yum install make
make

Install Development tools

# yum groupinstall “Development tools” -y
Development tools

Install elfultils-libelg-devel

# yum install elfutils-libelf-devel -y
elfutils-libelf-devel

make, command will compile the source code and give us a loadable kernel object file

# make
make

python3

here, x stores 5

python3

When you compile LiME will append the kernel version to the file name

#mv lime-4.18.0-80.el8.x86_64.ko lime.ko
lime-4.18.0–80.el8.x86_64.ko

insmod command in Linux systems is used to insert modules into the kernel, here we give path to read ram using ./lime.ko file.

#insmod ./lime.ko "path=./ramdata.mem format=raw"
ramdata.mem

Now from the ram data let’s see if x = 5 is stored in RAM using the command

# cat ramdata.mem | strings | grep "x=5"
x=5

we know that ram is the random access memory, it doesn’t stored the data for longer period of time but for temporary period. In ram data is stored in the capacitor. When we declare the variable x , x occupy space in the memory and when we initialize x=5 then 5 goes in place of x in memory but while doing this process, for short-term it is stored in the ram.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store