[Vol-users] Android Memory Forensics without System.map
Quentin Chaki Cha
quenberry at hotmail.com
Wed Oct 2 21:52:07 CDT 2013
Hi guys, I'm working on a project to analyze memory dumps of Android devices with Volatility. But it seems that it isn't possible to do so if the source code does not provide me with the System.map file. I can't compile my own System.map file using commands like "make ARCH=arm CROSS_COMPILE=$CCOMPILER" (this would give me inaccurate addresses), nor can I use the /proc/kallsyms file from the Android device itself (this does not have symbols required for Volatility to prepare). I just wanna verify, is it actually still possible for me to use Volatility to analyze this memory dump if the System.map file wasn't distributed with the headers/source? Thanks.