https://github.com/MobileForensicsResearch/mem
Tool used for dumping memory from Android devices
- Host: GitHub
- URL: https://github.com/MobileForensicsResearch/mem
- Owner: MobileForensicsResearch
- License: mit
- Created: 2015-06-10T23:09:44.000Z (over 10 years ago)
- Default Branch: master
- Last Pushed: 2015-06-12T18:15:14.000Z (over 10 years ago)
- Last Synced: 2024-10-27T23:24:52.118Z (about 1 year ago)
- Language: C
- Size: 461 KB
- Stars: 65
- Watchers: 7
- Forks: 11
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-hacking-tools - Mem - Memory analysis of Android (root required) (Android Security / Dynamic Analysis Tools)
- awesome-hacking-lists - MobileForensicsResearch/mem - Tool used for dumping memory from Android devices (C)
- fucking-android-security-awesome - Mem - Memory analysis of Android (root required) (Tools / Dynamic Analysis Tools)
- android-security-awesome - Mem - Memory analysis of Android (root required) (Tools / Dynamic Analysis Tools)
README
# mem
Tool used for dumping memory from Android devices. Root access is required.

Usage:

```
./mem pid out_path
```

- where pid is the target PID to capture
- and out_path is the local dir to write output

If out_path is omitted, output is written to stdout.

To ensure forensic soundness, mem should be copied into memory (/dev or another tmpfs location), and netcat should be used to write data out over ADB to avoid writing to the device. Netcat versions compiled for Android can be found at https://github.com/MobileForensicsResearch/netcat

Example:

1. On the local machine, run:

```
adb forward tcp:9999 tcp:9999
```

2. From the adb shell, run:

```
./mem pid | nc -l -p 9999
```

3. On the local machine, run:

```
nc 127.0.0.1 9999 > output_file
```