I am keen to dump the contents of physical RAM into a flat file on my Ubuntu box but all I get is a 1MB file using dd (Which is odd as I have 4GB of RAM!).
The command I am using is dd if=/dev/mem of=/usr/dd.mem. I have also tried using /dev/kmem as an input file but i get a file not found error (and yes, the file is in the /dev directory)
I know in Windows you can use the \.\PhysicalMemory\ parameter as an input file.
Does anyone have an idea of how I can do this in Linux?
CONFIG_STRICT_DEVMEM has been enabled on your machine, you're probably getting an "Operation not permitted error" (an aside: it's worth copying & pasting the output of commands as you run them, as opposed to just describing what happens!). This is a kernel parameter that isn't usually (although there are patches to allow it) tunable via a sysctl. Turning it off requires rebuilding your kernel.
See http://www.mail-archive.com/crash-utility@redhat.com/msg01549.html for more information and solutions on what you can do to get access to the memory.
It's a feature.
Ubuntu is distributed with the kernel option CONFIG_STRICT_DEVMEM. This restricts the reading of /dev/mem above 1Mb physical. You should find a corresponding entry in /var/log/messages that confirms the restriction.
There are a couple of options to proceed. But probably the easist and most obvious will be to recompile your kernel without CONFIG_STRICT_DEVMEM.
