kcore_dump is a simple tool to create a physical memory dump of a running x86-64 Linux system from userland. It does so by extracting the relevant memory ranges from /proc/kcore. The dump is written to disk in the LiME file format.
See this blog post for details.
git clone https://github.com/schlafwandler/kcore_dump.git
cd kcore_dump/
gcc -o kcore_dump kcore_dump.c
sudo ./kcore_dump <outfile>
This tool was written to demonstrate the process of extracting a memory dump from /proc/kcore. It has undergone only minimal testing (as in: works on my machine) and should not be considered a ready-to-use forensics tool.
Let me repeat this:
THIS TOOL HAS NOT UNDERGONE MUCH TESTING!
USE IT AT YOUR OWN RISK!