linux memory dump--http://www.forensicswiki.org/wiki/Tools:Memory_Imaging

Linux provides two virtual devices for this purpose, '/dev/mem' and '/dev/kmem', though many distributions disable them by default for security reasons. '/dev/mem' is linked to the physical system memory, whereas '/dev/kmem' maps to the entire virtual memory space, including any swap. Both devices work as regular files, and can be used with dd or any other file manipulation too

1. dd On Unix systems, the program dd can be used to capture the contents of physical memory using a device file (e.g. /dev/mem and /dev/kmem). In recent Linux kernels, /dev/kmem is no longer available. In even more recent kernels, /dev/mem has additional restrictions. And in the most recent, /dev/mem is no longer available by default, either. Throughout the 2.6 kernel series the trend has been to reduce direct access to memory via pseudo-device files. See, for example, the message accompanying this patch:http://lwn.net/Articles/267427/. On Red Hat systems (and derived distros such as CentOS), the crash driver can be loaded to create a pseudo-device for memory access ("modprobe crash").

l.

1. Second Look This commercial memory analysis product has the ability to acquire memory from Linux systems, either locally or from a remote target via DMA or over the network. It comes with pre-compiled Physical Memory Access Driver (PMAD) modules for hundreds of kernels from the most commonly used Linux distributions.
2. Idetect (Linux)
3. fmem (Linux)
   fmem is kernel module, that creates device /dev/fmem, similar to /dev/mem but without limitations. This device (physical RAM) can be copied using dd or other tool. Works on 2.6 Linux kernels. Under GNU GPL. download url http://hysteria.cz/niekt0/
4. Goldfish
   Goldfish is a Mac OS X live forensic tool for use only by law enforcement. Its main purpose is to provide an easy to use interface to dump the system RAM of a target machine via a Firewire connection. It then automatically extracts the current user login password and any open AOL Instant Messenger conversation fragments that may be available. Law Enforcement may contact goldfish.ae for download information.
   1. There is also GDB commonly available on most Linuxes.
      And, you are always advised to avoid writing over unknown memory -- it can lead to system corruption.