swap_digger – Digging passwords in Linux swap

Linux swap is an important part of the operating system: data moves from RAM to the swap space when the OS wants to free memory. The swap partition may therefore hold sensitive information and, depending on the operating system configuration, this part of the hard drive may store it in clear text without encryption. If you are looking to extract passwords from swap, you can use swap_digger.

swap_digger is a bash script that automates Linux swap analysis for post-exploitation or forensics purposes. It automates swap extraction and searches for Linux user credentials, web form credentials, web form emails, HTTP basic authentication, WiFi SSIDs and keys, and more.

Considering swap memory forensics when investigating a security issue or an incident is becoming an important requirement. Swap may contain the key data required to identify the root cause of a malicious attack against your system. The available techniques and advanced tools can help with reporting and with collecting the required artifacts.

You can read more and download this tool at: https://github.com/sevagas/
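
Whether swap can hold clear text at all depends on the configuration mentioned above, and that can be checked per host. The script below is an added example, not part of swap_digger or the original article: it classifies each swap area listed in `/proc/swaps` by whether it sits on dm-crypt. It assumes mappings were created by cryptsetup (dm uuid prefixed `CRYPT-`); the function names and the sample data in `demo` are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: report whether each active swap area sits on dm-crypt.
# Swaps file and sysfs root are parameters so it also runs on constructed input.

# Succeeds if block device $1 is a dm-crypt mapping (dm uuid starts with CRYPT-,
# as cryptsetup sets it) or is stacked only on such devices (LVM on a LUKS PV).
is_encrypted() {
    local name="$1" sysfs="$2" dir uuid slave found=1
    dir="$sysfs/class/block/$name"
    uuid=$(cat "$dir/dm/uuid" 2>/dev/null || true)
    case "$uuid" in CRYPT-*) return 0 ;; esac
    for slave in "$dir"/slaves/*; do
        [ -e "$slave" ] || continue          # no slaves: plain disk or partition
        is_encrypted "${slave##*/}" "$sysfs" || return 1
        found=0
    done
    return "$found"
}

# Prints "<swap area> <verdict>" for each entry of a /proc/swaps-format file.
audit_swap() {
    local swaps="${1:-/proc/swaps}" sysfs="${2:-/sys}" dev type rest name
    while read -r dev type rest; do
        case "$dev" in ""|Filename) continue ;; esac   # blank or header line
        name="${dev##*/}"
        if [ "$type" = "file" ]; then
            echo "$dev swapfile"     # protection depends on the volume holding it
        elif [ "${name#zram}" != "$name" ]; then
            echo "$dev zram"         # compressed RAM, not written to disk
        elif is_encrypted "$name" "$sysfs"; then
            echo "$dev encrypted"
        else
            echo "$dev cleartext"    # swapped pages are readable from disk as-is
        fi
    done < "$swaps"
}

# Constructed sample: one plain partition, one dm-crypt mapping, one swap file.
demo() {
    local t; t=$(mktemp -d)
    mkdir -p "$t/class/block/sda2" "$t/class/block/dm-0/dm" "$t/class/block/dm-0/slaves/sda3"
    echo "CRYPT-PLAIN-cryptswap" > "$t/class/block/dm-0/dm/uuid"
    printf '%s\n' "Filename Type Size Used Priority" "/dev/sda2 partition 2097148 0 -2" \
        "/dev/dm-0 partition 2097148 0 -3" "/swapfile file 1048572 0 -4" > "$t/swaps"
    audit_swap "$t/swaps" "$t"
    rm -rf "$t"
}

if [ "${1:-}" = "--live" ]; then audit_swap; else demo; fi
```

Passing `--live` audits the running host instead of the constructed sample. A `swapfile` verdict means the answer depends on whether the filesystem holding the file is itself on an encrypted volume.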
