Hi all,
my attempts to figure out some signature for the password location in
the memory dumps failed.
I was wondering if there are any "best practices" for this kind of
problem: "find out the signature before/after a NOT encrypted password
stored in a memory dump".
Thanks,
Massimo
On 16/05/16 11:38, Massimo Canonico wrote:
Hi,
thanks to your suggestion, I made great progress, but I still have not
reached the target: locating the master password of an Android app.
I ran the app and set a password as "mypassword2016". With yarascan I
was able to see that this password is stored in memory in Unicode (I
ran "python vol.py linux_yarascan -W -A -Y "mypassword2016"").
Then, I would like to see if there is some "signature" that helps me to
locate the password. So I decided to use volshell and look around the
password, but I had no luck (see the attachment, where I showed what
there is before and after the two occurrences of the password
"mypassword2016").
Of course I've repeated the same workflow for two other passwords, but
I did not get anything that helps me to figure out if there is a way to
locate where the password is stored.
Do you have any suggestion, please?
Thanks in advance,
Massimo
_______________________________________________
Vol-users mailing list
Vol-users(a)volatilityfoundation.org
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users