hi,

> 2. Instead of grep:ing /dev/mem directly in both steps 2 and 3, do this:
> dd if=/dev/mem of=$DUMP bs=1K count=$RAM_SIZE_IN_KB oflag=direct

I think I'll use memdump [1] instead (in Debian), which probably removes the need to build an obsolete Lenny system for forensics.

[1] http://www.porcupine.org/forensics/tct.html

Running the test in a VM, and inspecting the VM memory from the host system, should also work.

We should have a look at the toolbox used by Andrew Case when auditing our Live systems memory.

Cheers!
--
intrigeri <intrig...@boum.org>
 | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
 | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
 | Then we'll come from the shadows.