https://github.com/MobileForensicsResearch/mem

Tool used for dumping memory from Android devices
https://github.com/MobileForensicsResearch/mem

Last synced: about 2 months ago
JSON representation

Tool used for dumping memory from Android devices

• Host: GitHub
• URL: https://github.com/MobileForensicsResearch/mem
• Owner: MobileForensicsResearch
• License: mit
• Created: 2015-06-10T23:09:44.000Z (almost 10 years ago)
• Default Branch: master
• Last Pushed: 2015-06-12T18:15:14.000Z (almost 10 years ago)
• Last Synced: 2024-10-27T23:24:52.118Z (6 months ago)
• Language: C
• Size: 461 KB
• Stars: 65
• Watchers: 7
• Forks: 11
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

• awesome-hacking-tools - Mem - Memory analysis of Android (root required) (Android Security / Dynamic Analysis Tools)
• android-security-awesome - Mem - Memory analysis of Android (root required) (Tools / Dynamic Analysis Tools)
• awesome-hacking-lists - MobileForensicsResearch/mem - Tool used for dumping memory from Android devices (C)

README

        
# mem

Tool used for dumping memory from Android devices. Root access is required.

./mem pid out_path

 - where pid is the target PID to capture

 - and out_path is the local dir to write output

 If out_path is not there, writes to stdout

To ensure forensic soundness, mem should be copied into memory (/dev or another tmpfs location), and netcat should be used to write data out over ADB to avoid writing to the device. Netcat versions compiled for Android can be found at https://github.com/MobileForensicsResearch/netcat

Eg:

1: On local machine run:

adb forward tcp:9999 tcp:9999

2: From adb shell run:

./mem pid | nc -l -p 9999

3: On local machine run:

nc 127.0.0.1 9999 > output_file