Hi All,
I'm trying to make a profile for an Android device.
I did a memory dump with LiME of an HTC One X (Android 4.0.3, HTC Sense 4.0, kernel 2.6.39.4-g6b459dc).
Now, following the instructions here
https://code.google.com/p/volatility/wiki/LinuxMemoryForensics , I was trying to understand how to modify the Makefile under volatility/tools/linux/, in order to point to my kernel source. The thing is that in my kernel source folder I couldn't find proper values for KDIR and KVER (although they should be pretty straightforward according to their names) that would fit with the path for the make command, as in the following source code:
pmem: pmem.c
	$(MAKE) -C $(KDIR)/lib/modules/$(KVER)/build M=$(PWD) modules

dwarf: module.c
	$(MAKE) -C $(KDIR)/lib/modules/$(KVER)/build CONFIG_DEBUG_INFO=y M=$(PWD) modules
	dwarfdump -di module.ko > module.dwarf
	$(MAKE) -C $(KDIR)/lib/modules/$(KVER)/build M=$(PWD) clean
Has anyone ever created an Android profile? Any hints?
I've seen in the mailing list archive a thread "Profile (ZIP) for Android 4.0.3" from Mike (in Cc). Any news about that?
Thank you
P.
--
Pasquale Stirparo, MEng
GCFA, OPST, OWSE, ECCE
European Commission - JRC Joint Research Centre
Institute for the Protection and Security of the Citizen (IPSC)
Digital Citizen Security Unit
Via E. Fermi, 2749 - TP 361
21027 Ispra (VA) - Italy
PGP Key: 0x4C589FB2
Fingerprint: 776D F072 3F43 D5DE CB55 86D2 55FF 14A7 4C58 9FB2
Disclaimer: The views expressed are purely those of the writer and may not in any circumstance be regarded as stating an official position of the European Commission.