Cannot Build Volatility Profile

Question

i recently dumped the RAM out of my Samsung Galaxy Nexus phone and i wanted to use Volatility to analyze it. However, i am having the issue to build up my profile.

From what i understand, one must zip up the module.dwarf file as well as the memory map file together and place it in the appropriate folder. So after extracting the /proc/kallsyms file from my Galaxy Nexus, i zipped it up together with the module.dwarf file into a zip folder called samsung.zip and placed it in /root/majorProject/volatility/volatility/plugins/overlays/linux.

However, when i run command:

#python vol.py -- info | grep Profile

I do not see my samsung galaxy nexus profile being built up. All i see are the default profiles for Windows Vista/XP, etc...I verified this by typing the command:

#python vol.py -- info | grep Linux
Volatile Systems Volatility Framework 2.3_beta
linux_yarascan - A shell in the Linux memory image

Any ideas/help within this area would be deeply appreciated thank you

Answer 1

Try naming the zip file in the format Omap-3.0.31.zip. Where in my case Omap is the branch name and -3.0.31 is the version number for the kernel (which can be found by dropping into an adb shell and typing cat /proc/version). It worked for me and it appears to me that the profile would have to come from the name of the zip file. Hope that helps man, good luck.