How to read data stored in RAM?
Random access memory (RAM) is a computer’s short-term memory, which it uses to handle all active tasks and apps. None of your programs, files, games, or streams would work without RAM.
How can we read the data inside RAM?
Here, we will dump the entire contents of RAM to disk and then read the data from that dump. The steps are performed on RHEL 8 (Linux).
Let's get started.
We will use LiME (Linux Memory Extractor) to dump RAM data to the disk.
Install the packages below:
sudo yum install kernel-devel kernel-headers git make -y
Next, we need to clone the LiME repository from GitHub:
git clone https://github.com/504ensicsLabs/LiME.git
Now, we can compile the LiME source code. First, navigate to the src directory using the following command:
cd LiME/src
make is commonly used to compile and build executable programs and libraries from source code.
sudo make
Before proceeding, we need to generate some data in RAM so that we can verify it after dumping the RAM data.
Now, let’s insert the kernel object. We’ll specify the path and the format in which we want to save the image. You can name the file anything; for example, I’ve named it ‘data.mem’.
insmod ./lime-4.18.0-305.19.1.el8_4.x86_64.ko "path=./data.mem format=raw"
Use the following command to check if the variable value is stored in RAM:
cat data.mem | strings | grep "x=5"
We can use cat to display the contents of data.mem and pipe it to strings because RAM contains data in binary or other encodings. The strings command extracts the readable text from it, allowing us to grep for the variable name.
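The same check as the cat | strings | grep pipeline above, written as an added Python example (not part of the original post): it streams a raw image in chunks, reports the byte offset of every hit, and also looks for the UTF-16LE form of the text, which strings with default options does not report. The function names and the sample file are constructed for illustration; on a real system you would pass the path of your own dump.

```python
import os
import tempfile

CHUNK = 1 << 20  # 1 MiB per read; a RAM image is as large as installed memory


def find_in_dump(path, needle, chunk_size=CHUNK):
    """Return sorted (offset, encoding) hits for `needle` in a raw memory image."""
    if not needle:
        raise ValueError("needle must not be empty")
    # The same text looks different in memory depending on the program's encoding.
    patterns = {"utf-8": needle.encode("utf-8"),
                "utf-16le": needle.encode("utf-16-le")}
    overlap = max(len(p) for p in patterns.values()) - 1
    hits = set()  # a set, because a short match inside the overlap is seen twice
    with open(path, "rb") as f:
        tail, base = b"", 0  # base = file offset of buf[0]
        while chunk := f.read(chunk_size):
            buf = tail + chunk
            for name, pat in patterns.items():
                pos = buf.find(pat)
                while pos != -1:
                    hits.add((base + pos, name))
                    pos = buf.find(pat, pos + 1)
            # Carry the last bytes forward so a match split across reads is found.
            tail = buf[-overlap:]
            base += len(buf) - len(tail)
    return sorted(hits)


def build_sample_dump(path):
    """Write a small constructed stand-in for data.mem (not a real RAM capture)."""
    blob = bytearray(4096)                       # 4 KiB of zero bytes
    blob[1022:1025] = b"x=5"                     # straddles a 1024-byte read boundary
    blob[3000:3006] = "x=5".encode("utf-16-le")  # as a UTF-16 program would hold it
    with open(path, "wb") as f:
        f.write(blob)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        sample = os.path.join(d, "sample.mem")
        build_sample_dump(sample)
        for off, enc in find_in_dump(sample, "x=5", chunk_size=1024):
            print(f"0x{off:08x}  {enc}")
```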