Options V2

Daryl Bennett edited this page Dec 10, 2018 · 2 revisions

Options for LiMEaide Version 2

This page is for the updated version 2 of LiMEaide

The general format

  • Remote Clients

limeaide.py [OPTIONS] CLIENT_IP/LOCAL

  • Local Client

A client that exists on the same system in which you're running LiMEaide

limeaide.py [OPTIONS] local

With the following options

  • Help
    • Show the help dialog
  • User
    • Execute memory grab as specified user (with sudo privileges) instead of root
  • Socket
    • Use a TCP socket in order to transfer memory image, skipping a write to disk
  • No Profiler
    • Do NOT run profiler and force the creation of a new module/profile for the client.
  • Profile
    • Skip the usage of the interactive profiler by providing the distribution, kernel version, and architecture of the remote client.
  • Delay Pick-up
    • Execute a job to create a RAM dump on target system that you will retrieve later.
  • Output
    • Change name of output file. dump.lime is default
  • Format
    • Change the format that LiME uses for extraction. lime is default, other options are raw and padded
  • Digest
    • Change the digest type that LiME uses for extraction. sha1 is default, other options are dependent on the kernel
  • Pick-up
    • Pick up a job you previously ran with the --delay-pickup switch.
  • Verbose
    • Output verbosely
  • Force Clean
    • Force LiMEaide to clean up if a deploy fails

Help

Shows the help dialog

-h, --help

User

Execute memory grab as specified sudo user. This is useful when root privileges are not granted or if root login over SSH is not allowed.

-u, --user

Profile

Skip the profiler by providing the distribution, kernel version, and architecture of the remote client.

-p, --profile

No profiler

Do NOT run profiler and force the creation of a new module/profile for the client.

-N, --no-profiler

Don't Compress

Do not compress memory file. By default memory is compressed on host. This may not be the most forensically sound option; however, I have seen a 60-80% reduction in file size. If you experience issues, toggle this flag.

-C, --dont-compress

Delay Pick-up

Execute a job to create a RAM dump on target system that you will retrieve later. The stored job is a file ending in .dat in the scheduled_jobs/ directory.

--delay-pickup

Pick-up

Pick up a job you previously ran with the --delay-pickup switch. The file that follows this switch is located in the scheduled_jobs/ directory and ends in .dat

-P, --pickup <path to job file .dat>

Output

Change name of output file. Default is dump.bin

-o, --output

Append Case Number

Gives you the ability to append a case number before the date in the output directory

-c, --case

Force Clean

If LiMEaide fails for any reason, clean the remote client before attempting again.

--force-clean