Hi People, i'm new to this forum so pardon me for any mistakes i make in my posting. Anyway, i recently dumped the RAM out of my Samsung Galaxy Nexus phone and i wanted to use Volatility to analyze it. However, i am having the issue to build up my profile.
From what i understand, one must zip up the module.dwarf file as well as the memory map file together and place it in the appropriate folder. So after extracting the /proc/kallsyms file from my Galaxy Nexus, i zipped it up together with the module.dwarf file into a zip folder called samsung.zip and placed it in /root/majorProject/volatility/volatility/plugins/overlays/linux.
However, when i run command:
#python vol.py -- info | grep Profile
I do not see my samsung galaxy nexus profile being built up. All i see are the default profiles for Windows Vista/XP, etc...I verified this by typing the command:
#python vol.py -- info | grep Linux
Volatile Systems Volatility Framework 2.3_beta
linux_yarascan - A shell in the Linux memory image
Any ideas/help within this area would be deeply appreciated thank you