How to read data stored in RAM?
What is RAM?
RAM, which stands for Random Access Memory, is a hardware device generally located on the motherboard of a computer and acts as an internal memory of the CPU. It allows CPU store data, program, and program results when you switch on the computer. It is the read and write memory of a computer, which means the information can be written to it as well as read from it.
RAM is a volatile memory, which means it does not store data or instructions permanently. When you switch on the computer the data and instructions from the hard disk are stored in the RAM, e.g., when the computer is rebooted, and when you open a program, the operating system (OS), and the program are loaded into RAM, generally from an HDD or SSD. CPU utilizes this data to perform the required tasks. As soon as you shut down the computer, the RAM loses the data. So, the data remains in the RAM as long as the computer is on and lost when the computer is turned off. The benefit of loading data into RAM is that reading data from the RAM is much faster than reading from the hard drive.
So then How can one read what data is inside one’s RAM?
There are multiple course of action to read RAM data each has its own use case I will explain one of the methods to read ram data.
The method that I will be using in that we will dump the whole ram data on disk and then we will read ram read data from it. I will show this in Linux-based Operating System.
There are following steps to read ram data :-
- install kernel headers to do ram acquisition.
yum install kernel-devel kernel- headers -y
2. install git package
yum install git
3. Now we have to clone the GitHub repo of LiME
git clone https://github.com/504ensicsLabs/LiME.git
4. Now we can compile the source code of LiME
cd LiME/src
5. install make package
yum install make
6. “make” command it will compile the source code and give us a loadable kernel object file
make
7.
yum groupinstall “Development tools”
8.
yum install elfutils-libelf-devel
9. Again hit make keyword
make
10.
11.
12.
Now we have verified that value and variable is stored in the RAM memory..
Thank You:)