Hi,
can someone tell me why memdump (from /usr/ports/sysutils) produces 4GByte files on a system with 2GB RAM (physically, no swap configured). Also what's the difference between "dd if=/dev/mem..." /dev/kmem and memdump?
# dmesg | grep memor
real memory = 2104164352 (2006 MB)
avail memory = 2053550080 (1958 MB)
I want to read memory content for forensic purposes. Useful informations on this topic appreciated. Thanks a lot in advance.
hnk
can someone tell me why memdump (from /usr/ports/sysutils) produces 4GByte files on a system with 2GB RAM (physically, no swap configured). Also what's the difference between "dd if=/dev/mem..." /dev/kmem and memdump?
# dmesg | grep memor
real memory = 2104164352 (2006 MB)
avail memory = 2053550080 (1958 MB)
I want to read memory content for forensic purposes. Useful informations on this topic appreciated. Thanks a lot in advance.
hnk