[Vol-users] Recover password from memory dump

Massimo Canonico mex at di.unipmn.it
Fri Apr 29 10:53:19 CDT 2016


Hi all,
I'm new on volatility so sorry if this question does not fit the purpose 
of this mailing list.

I was starting play with LiME (Linux Memory Extract)[1] and I was able 
to dump a memory image of an Android Emulator where ChatSecure[2] was 
running.

ChatSecure asked a master password at the first run and this password is 
stored by using a library called CacheWord [3].

Here the question: in order to find out if ChatSecure stores this 
password in memory, how should I use volatility?

A doc/tutorial link or any suggestion are more than welcome.

Thanks,
     Massimo

[1] https://github.com/504ensicsLabs/LiME
[2] https://github.com/guardianproject/ChatSecureAndroid
[3] https://github.com/guardianproject/cacheword


More information about the Vol-users mailing list