Conclusions
Sam Duy edited this page May 31, 2018 · 1 revision
The internals of Volatility have been investigated and understood. The feasibility of using Volatility to conduct memory forensics on uClinux systems has been confirmed (tested on QEMU with Versatile PB).
Other new Profiles and Address Spaces can be developed.
Support for other Linux kernel versions can be developed.
We were not able to examine a memory dump obtained from a real uClinux device (a Foscam IP camera) because of the “no System.map or debug symbols” issue.
How to create a Linux profile for a system on which System.map is not available (and all debug symbols have been stripped by the maker) could be an idea for the next project.