What andrew said us completely accurate. What is your specific use case
(if I may ask)?
On May 29, 2014 8:33 PM, "Andrew Case" <atcuno(a)gmail.com> wrote:
If phone is rooted you can then just insmod the
compiled LiME module
into it.
If the phone is not rooted then the best case is temporarily rooting the
phone (using an exploit that does not require a reboot), and then using
the temp root access to load the module.
Thanks,
Andrew (@attrc)
On 5/17/2014 8:10 AM, masdif wrote:
Hi all,
Android Memory acquisition will be part of a paper I have to write. So
far I have no problem to follow the description for an AVD on
https://code.google.com/p/volatility/wiki/AndroidMemoryForensic
Please excuse this noob question (and my bad English) but I'm going
crazy figuring this out:
Can LiME be used in real life Android forensics that is Android memory
is acquired without having to reboot the Android device beforehand?
Let's say:
I get an running Android mobile phone and for some lucky reason it is
both rooted and the user interface unlocked. (Are there any statistics
available how often this is the case?) My task is to acquire its RAM.
As far as I understood in order to use Lime for RAM acquisition I have to
a) get the Android kernel's source code from the manufacturer,
b) cross compile a new kernel with some settings for later being able to
insmod the LiME kernel module,
c) flash the compiled kernel onto the phone and
d) reboot the phone to get the new kernel running, which
e) destroys all the RAM I wanted to acquire, before I can
f) insmod LiME.
Please be patient and give me a hint where I'm going wrong?!
All papers I found so far used prepared phones.
Thanks a lot and have a nice weekend,
Philipp
_______________________________________________
Vol-users mailing list
Vol-users(a)volatilityfoundation.org
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users
_______________________________________________
Vol-users mailing list
Vol-users(a)volatilityfoundation.org
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users