Acquiring volatile memory from Android-based devices with LiME Forensics, Part I

Android Memory Acquisition

My first guest post on the Open Security Research Blog was published yesterday. In this post I walk through the steps required to install and compile LiME Forensics, a Loadable Kernel Module that allows you to dump the full contents of memory of an Android-based device. The instructions have been tested successfully on Ubuntu 11.10, with Java SE Development Kit 6 Update 31, the Android SDK r18, NDK r7c and with the emulator running an Android Virtual Device (AVD) based on Android 4.0.3 (API 15).

If you spot any errors, typos or mistakes, please let me know, as I spent endless hours dealing with “cross-compiling kernel modules for Android” headaches. Actually, the aim of this post is to save you from “some” of that pain when compiling LiME.

Enjoy and stay tuned for Part II!

Slides from my Android Forensics talk at the Symposium for Android Security in Malaga

I have just uploaded to the Papers & Presentations section the slides for my talk on “Latest Advances in Android Forensics” (in Spanish) at the 1st International Symposium for Android Security held in Malaga last week.


Time for new challenges: Working for McAfee Foundstone Services

This is the post I should have written months ago, actually back in November last year, when I joined the Foundstone practice (part of McAfee Strategic Security Services) as Principal Architect for EMEA.

But time has been scarce, with lots of new developments and challenges in both my personal and professional life, including spending a month in New York (thanks to the Foundstone crew in Manhattan for their hospitality!), teaching Malware Analysis along with Christiaan Beek, Melissa Augustine and the rest of the Foundstone EMEA team at Black Hat Abu Dhabi, and catching ‘chombies’ and other malware on various Incident Response engagements across Europe.
