Acquiring volatile memory from Android based devices with LiME Forensics, Part I


My first guest post on the Open Security Research Blog was published yesterday. In this post I walk through the steps required to install and compile LiME Forensics, a Loadable Kernel Module that allows you to dump the full contents of memory of an Android-based device. The instructions have been tested successfully on Ubuntu 11.10, with Java SE Development Kit 6 Update 31, the Android SDK r18, NDK r7c and with the emulator running an Android Virtual Device (AVD) based on Android 4.0.3 (API 15).

If you spot any errors, typos or mistakes please let me know, as I spent endless hours dealing with “cross-compiling kernel modules for Android” headaches. Actually the aim of this post is to save you from “some” of that pain when compiling LiME.

Enjoy and stay tuned for Part II!
