
Memory dump on Ubuntu 18.04 failed on too big /proc/kcore/

3 votes
0 answers
969 views
There are two great articles about how to acquire memory on Linux using linpmem:

- [SANS](https://digital-forensics.sans.org/media/rekall-memory-forensics-cheatsheet.pdf)
- [holdmybeersecurity](https://holdmybeersecurity.com/2017/07/29/rekall-memory-analysis-framework-for-windows-linux-and-mac-osx/)

Trying the approach from [holdmybeersecurity](https://holdmybeersecurity.com/2017/07/29/rekall-memory-analysis-framework-for-windows-linux-and-mac-osx/) I ran into the following issue, which seems to be a more general problem:

    wget https://github.com/google/rekall/releases/download/v1.5.1/linpmem-2.1.post4
    chmod +x linpmem-2.1.post4
    ./linpmem-2.1.post4 -o mem.aff4r

It runs directly and creates a big file (I stopped it at > 160GB). Checking linpmem more closely, it relies on the Linux memory mapping /proc/kcore to acquire the data.

    sudo ls -lh /proc/kcore
    -r-------- 1 root root 128T Dec 12 11:32 /proc/kcore

This is huge! As stated [here](https://unix.stackexchange.com/a/258629/318139):

> ... /proc/kcore is the virtual allocation of your RAM for the kernel. On 64 bit systems that size can be an absolute limit of 128T since that is the most the system can allocate.

which is kind of against `man proc`:

> /proc/kcore
> This file represents the physical memory of the system and is stored in the ELF core file format. With this pseudo-file, and an unstripped kernel (/usr/src/linux/vmlinux) binary, GDB can be used to examine the current state of any kernel data structures. The total length of the file is the size of physical memory (RAM) plus 4 KiB.

**So the big question is: How to acquire the memory/swap only, but not the HDD content?**
Asked by gies0r (131 rep)
Dec 12, 2018, 12:05 PM
Last activity: Dec 12, 2018, 12:54 PM
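The question hinges on the fact that /proc/kcore is an ELF core file: the size `ls` reports is the extent of the kernel's virtual address space, while the data an acquisition tool needs is described by the ELF program headers (PT_LOAD segments). The following is an added example, not code from the question or from linpmem/Rekall: it parses the ELF64 program headers of a kcore-shaped image and contrasts the bytes that must actually be read with the apparent file extent. The sample layout and addresses are constructed for the demonstration.

```python
import struct

# ELF64 header and program-header layouts (from the ELF specification), little-endian.
EHDR_FMT = "<16sHHIQQQIHHHHHH"  # e_ident ... e_shstrndx (64 bytes)
PHDR_FMT = "<IIQQQQQQ"          # p_type p_flags p_offset p_vaddr p_paddr p_filesz p_memsz p_align
PT_LOAD = 1


def kcore_load_segments(data):
    """Parse the ELF64 header at the start of a /proc/kcore-style image and
    return its PT_LOAD segments as (file_offset, virtual_address, size)."""
    if data[:4] != b"\x7fELF" or data[4] != 2:  # EI_CLASS 2 == ELFCLASS64
        raise ValueError("not an ELF64 image")
    ehdr = struct.unpack_from(EHDR_FMT, data, 0)
    e_phoff, e_phentsize, e_phnum = ehdr[5], ehdr[9], ehdr[10]
    segs = []
    for i in range(e_phnum):
        p = struct.unpack_from(PHDR_FMT, data, e_phoff + i * e_phentsize)
        if p[0] == PT_LOAD:
            segs.append((p[2], p[3], p[5]))  # offset, vaddr, filesz
    return segs


def acquisition_plan(segs):
    """Return (bytes_to_read, apparent_extent): the sum of loadable segments an
    imager must copy, versus the end of the last segment, which is what the
    file size seen in 'ls -lh' reflects."""
    need = sum(size for _, _, size in segs)
    extent = max(off + size for off, _, size in segs) if segs else 0
    return need, extent


def build_sample_kcore(segments):
    """Constructed sample: an ELF64 ET_CORE header with the given PT_LOAD
    entries (offset, vaddr, size) and no segment data behind it."""
    ehsize, phsize = 64, 56
    ident = b"\x7fELF\x02\x01\x01" + b"\x00" * 9  # ELFCLASS64, little-endian, v1
    ehdr = struct.pack(EHDR_FMT, ident, 4, 62, 1, 0, ehsize, 0, 0,
                       ehsize, phsize, len(segments), 0, 0, 0)  # ET_CORE, EM_X86_64
    phdrs = b"".join(struct.pack(PHDR_FMT, PT_LOAD, 7, off, vaddr, 0, size, size, 0)
                     for off, vaddr, size in segments)
    return ehdr + phdrs


# Constructed layout: 16 GiB of RAM plus a small vmalloc window whose file
# offset sits near 127 TiB, so the image "looks" huge while holding ~16 GiB.
TIB = 1 << 40
SAMPLE = [
    (0x1000, 0xffffffff81000000, 32 << 20),              # kernel text
    (0x1000 + (32 << 20), 0xffff880000000000, 16 << 30),  # direct-mapped RAM
    (127 * TIB, 0xffffc90000000000, 1 << 20),             # vmalloc sample
]
```

On a live host the same parser can be fed the first few hundred KiB read from /proc/kcore as root; an imager then seeks to each segment's offset instead of streaming through the whole 128T extent.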