1. Download our Official Android App: Forums for Android!

Support Problem regarding analysing RAM using Volatility

Discussion in 'Android Help' started by mariyamjohn25, May 18, 2016.

  1. mariyamjohn25

    mariyamjohn25 Lurker
    Thread Starter
    Rank:
    None
    Points:
    5
    Posts:
    8
    Joined:
    Jan 19, 2016

    Jan 19, 2016
    8
    0
    5
    Female
    Hi,
    We have acquired RAM image of android phone using LiME & trying to analyze with volatility framework. We have downloaded volatility & now created a profile for our Android kernel.Till this it is working fine.But now we are stuck in the below command.Can some one please help

    python vol.py --profile=LinuxGT_S7582ARM -f /root/Desktop/space/ram.lime linux_psaux

    we are getting this o/p
    Volatility Foundation Volatility Framework 2.5
    Pid Uid Gid Arguments
    No suitable address space mapping found
    Tried to open image as:
    MachOAddressSpace: mac: need base
    LimeAddressSpace: lime: need base
    WindowsHiberFileSpace32: No base Address Space
    WindowsCrashDumpSpace64BitMap: No base Address Space
    WindowsCrashDumpSpace64: No base Address Space
    HPAKAddressSpace: No base Address Space
    VirtualBoxCoreDumpElf64: No base Address Space
    VMWareMetaAddressSpace: No base Address Space
    VMWareAddressSpace: No base Address Space
    QemuCoreDumpElf: No base Address Space
    WindowsCrashDumpSpace32: No base Address Space
    AMD64PagedMemory: No base Address Space
    IA32PagedMemoryPae: No base Address Space
    IA32PagedMemory: No base Address Space
    OSXPmemELF: No base Address Space
    MachOAddressSpace: MachO Header signature invalid
    MachOAddressSpace: MachO Header signature invalid
    LimeAddressSpace: Invalid Lime header signature
    WindowsHiberFileSpace32: PO_MEMORY_IMAGE is not available in profile
    WindowsCrashDumpSpace64BitMap: Header signature invalid
    WindowsCrashDumpSpace64: Header signature invalid
    HPAKAddressSpace: Invalid magic found
    VirtualBoxCoreDumpElf64: ELF Header signature invalid
    VMWareMetaAddressSpace: VMware metadata file is not available
    VMWareAddressSpace: Invalid VMware signature: 0xc0002588
    QemuCoreDumpElf: ELF Header signature invalid
    WindowsCrashDumpSpace32: Header signature invalid
    AMD64PagedMemory: Incompatible profile LinuxGT_S7582ARM selected
    IA32PagedMemoryPae: Failed valid Address Space check
    IA32PagedMemory: Failed valid Address Space check
    OSXPmemELF: ELF Header signature invalid
    FileAddressSpace: Must be first Address Space
    ArmAddressSpace: Failed valid Address Space check

    We have also tried other commands
    python vol.py --profile=LinuxGT_S7582ARM -f /root/Desktop/space/ram.lime linux_psscan

    but getting the error as below

    ERROR : volatility.debug : You must specify something to do (try -h)
     

    Advertisement

Share This Page

Loading...