recently, some forensic research suggested that utilizing Crash utility as independent solution to parse Linux memory dump in order to extract forensic artifacts. but in real forensic cases where there is need for minimizing the footprint on the comprised system, the forensic analyst would perform only one action, which is physical memory capture to minimize the footprint with dd. I just wonder if there any chance that Crach utility would support dd image.
Thanks,
Amer
-- Crash-utility mailing list Crash-utility@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/crash-utility
