mem Logo

mem

0
Free
Visit Website

Tool used for dumping memory from Android devices. Root access is required. ./mem pid out_path where pid is the target PID to capture and out_path is the local dir to write output. If out_path is not there, writes to stdout. To ensure forensic soundness, mem should be copied into memory (/dev or another tmpfs location), and netcat should be used to write data out over ADB to avoid writing to the device. Netcat versions compiled for Android can be found at https://github.com/MobileForensicsResearch/netcat. Eg: 1: On local machine run: adb forward tcp:9999 tcp:9999 2: From adb shell run: ./mem pid | nc -l -p 9999 3: On local machine run: nc 127.0.0.1 9999 > output_file

FEATURES

ALTERNATIVES

An anti-forensic kill-switch tool for USB ports to shut down the computer immediately in case of unauthorized access.

A script to extract subdomains/emails for a given domain using SSL/TLS certificate dataset on Censys.

NBD is a userland implementation of the Network Block Device protocol, allowing for remote access to block devices over a network.

Collects and organizes Linux OS data for detailed analysis and incident response.

PowerForensics is a PowerShell digital forensics framework for hard drive forensic analysis.

View physical memory as files in a virtual file system for easy memory analysis and artifact access.

ShadowCopy Analyzer is a tool for cybersecurity researchers to analyze and utilize the ShadowCopy technology for file recovery and system restoration.

A library and set of tools for accessing and analyzing storage media devices and partitions for forensic analysis and investigation.

PINNED