Rip Raw – Small Tool To Analyse The Memory Of Compromised Linux Systems
Rip Raw is a small tool to analyse the memory of compromised Linux systems. It is similar in purpose to Bulk Extractor, but particularly focused on extracting system logs from memory dumps of Linux systems. This enables you to analyse systems without needing to generate a profile.
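The idea of profile-less log carving described above, as an added example that is not Rip Raw's own code: it scans a raw image for strings shaped like traditional syslog lines and needs no knowledge of kernel structures. The regex, the function names and the sample records are constructed for illustration, and Rip Raw's actual extraction logic may differ.

```python
import mmap
import re
import sys

# Traditional syslog shape: "Mon DD HH:MM:SS host tag[pid]: message" (printable ASCII).
SYSLOG_RE = re.compile(
    rb"(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) [ 1-3]\d "
    rb"\d{2}:\d{2}:\d{2} [\w.-]{1,64} [\w./-]{1,48}(?:\[\d{1,7}\])?: "
    rb"[\x20-\x7e]{1,512}"
)


def carve_syslog(image):
    """Return de-duplicated (offset, line) pairs for syslog-shaped strings.

    `image` is any bytes-like buffer (bytes or a read-only mmap of a dump).
    """
    seen, hits = set(), []
    for m in SYSLOG_RE.finditer(image):
        line = m.group().decode("ascii")
        if line not in seen:  # the same record often survives in several pages
            seen.add(line)
            hits.append((m.start(), line))
    return hits


def build_sample_image():
    """Constructed input: two log records embedded in binary noise, one repeated."""
    rec1 = (b"Jan 12 03:14:07 node-1 sshd[2211]: Accepted publickey for deploy "
            b"from 192.0.2.10 port 50022 ssh2")
    rec2 = (b"Jan 12 03:15:42 node-1 sudo: deploy : TTY=pts/0 ; PWD=/home/deploy ; "
            b"USER=root ; COMMAND=/bin/bash")
    noise = bytes(range(256)) * 4  # 1024 bytes, contains no syslog-shaped text
    return noise + rec1 + b"\x00" * 64 + rec2 + b"\n" + noise + rec1 + b"\x00\xff"


if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to a raw memory image
        with open(sys.argv[1], "rb") as f:
            with mmap.mmap(f.fileno(), 0, access=mmap.ACCESS_READ) as mem:
                results = carve_syslog(mem)
    else:
        results = carve_syslog(build_sample_image())
    for offset, line in results:
        print(f"0x{offset:08x}  {line}")
```

Carved lines carry no year and no guarantee of ordering or completeness, so treat them as leads to correlate with on-disk logs rather than as a full timeline.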
This is not a replacement for tools such as Rekall and
Or Splunk:
Learn More
- We’ll be giving a webinar on Cloud Incident Response and Ransomware on Tuesday February 1st @ https://www.brighttalk.com/webcast/19071/527346
- We give an example of Rip Raw for analysing a compromised Amazon Kubernetes system in a talk @ https://offers.cadosecurity.com/cloud-and-kubernetes-memory-forensics
- You can download a PDF copy of our playbook on how to respond to compromised Kubernetes systems such as Amazon EKS @ https://offers.cadosecurity.com/the-ultimate-guide-to-docker-and-kubernetes-incident-response