DalvikVM support for Volatility
by Holger Macht
Hi,
I've uploaded a tarball [1] containing a number of Volatility plugins which
provide support for the DalvikVM and Android. I didn't provide a
patch set, because there are only new files included. However, I can do
so or can open an issue, whatever would be most convenient.
The plugins are named:
- dalvik_find_gdvm_offset
- dalvik_vms
- dalvik_loaded_classes
- dalvik_class_information
- dalvik_find_class_instance
- dalvik_app_mirrored
Any comments would be appreciated. This is part of a research project I
need to have finished by the end of the year, so if someone suggests
fundamental changes, I most likely won't have the immediate time to look
at it. Just wanted to provide my code, because obviously there is some
interest (cf. vol-users@).
Ideally, I could get a branch in SVN to get this integrated into
upcoming Volatility releases.
I've attached a README.dalvik which gives some meta information about
the plugins and could become a corresponding wiki article.
Thanks to Joe Sylve and Andrew Case for providing me with some initial
guidelines.
Regards,
Holger
[1] http://www.homac.de/files/Volatility-Dalvik-support-v1.tar.bz2
11 years, 5 months
- 2
- 2
Development opportunities
by fuchee vang
Hi,
I'm a forensics developer hoping to help out with this project. Let me know
if you have anything that needs working on and hopefully I can contribute
to this great open source project. Thanks.
Regards,
Fuchee Vang
11 years, 8 months
- 2
- 1