Tool and Usage
The swap_digger tool helps with extracting sensitive data from a mounted swap partition. It can be used for forensics, post exploitation, or data discovery.
Why this tool?
Swap holds pages that were moved out of active memory, so like active memory it may contain sensitive details.
Examples of sensitive data artifacts:
- Login accounts and passwords
- GPG keys
- Master keys of password managers
- Email addresses
- WiFi SSID details and keys
- Samba credentials
- Other authentication details
How it works
The tool reads the swap file or files, which are usually discovered via the /proc/swaps file. It then digs through their contents in the hunt for useful information.
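The discovery step described above can be reproduced for an audit or before a forensic acquisition. The following is an added example, not code from swap_digger: it parses the /proc/swaps format and reports which swap areas currently hold data. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of swap_digger. Function names are hypothetical.

# Constructed sample in the format of /proc/swaps (Size and Used are in KiB).
sample_swaps() {
cat <<'EOF'
Filename                                Type            Size            Used            Priority
/dev/sda2                               partition       2097148         51200           -2
/swapfile                               file            1048572         0               -3
/mnt/my\040disk/swap.img                file            524284          128             -4
EOF
}

# list_swaps [FILE]
# Print one line per swap area: path<TAB>type<TAB>size_kib<TAB>used_kib.
# Reads /proc/swaps by default; "-" reads standard input.
list_swaps() {
    awk '
    NR == 1 { next }                      # skip the header line
    NF >= 5 {
        path = $1
        gsub(/\\040/, " ", path)          # a space in a path is written as \040
        # Numeric columns are taken from the end of the line so that any
        # extra token after the path does not shift them.
        printf "%s\t%s\t%s\t%s\n", path, $(NF-3), $(NF-2), $(NF-1)
    }' "${1:-/proc/swaps}"
}

# swaps_in_use [FILE]
# Print only the paths of swap areas with Used > 0, i.e. the areas that
# currently hold swapped-out pages and may contain residual secrets.
swaps_in_use() {
    list_swaps "$@" | awk -F '\t' '$4 > 0 { print $1 }'
}

# Demonstration on the constructed sample.
sample_swaps | list_swaps -
```

On a live Linux system, calling `swaps_in_use` with no argument reads /proc/swaps directly.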
Usage and audience
This tool is categorized as a data excavation tool.
swap_digger is commonly used for data extraction, information gathering, or penetration testing. Target users for this tool are pentesters and security professionals.
- swap_digger is written in shell script
- Command line interface
Tool review and remarks
The review and analysis of this project resulted in the following remarks for this security tool:
- + The source code of this software is available
Supported operating systems
Swap_digger is known to work on Linux.