[Vol-users] Android Analysis

felipecboeira . felipecboeira at gmail.com
Wed Oct 8 12:01:38 CDT 2014


Hi all,
I have acquired an android RAM image by using Lime and now I am using
volatility to analyze it. I have created a profile and can now list
processes, etc. What I need to do is inspect an integer array of a kernel
module, which I have the address. I tried using volshell's dd() but I
believe it is not showing the correct values. How can I certify that the
virtual address is being calculated correctly by volatility?

Thanks in advance,
Felipe
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.volatilityfoundation.org/pipermail/vol-users/attachments/20141008/12b2be93/attachment.html


More information about the Vol-users mailing list