I'm about to investigate the forensic examination of a Linux physical memory. I have left an ARM Linux which is not listed in the profile instability, so I could get this process more using the hex editor and get the latest command. Here is the question, how can I create the Valletti profile, I need to offset network connections first, open ports, sockets ... then go for voyage. I can get some information in the memory dump by the hex editor, there is someone who can help me how to get relief. And is it necessary to find all the offsets and address spaces of each information before creating the instability profile?
For network related probes, carve for PPP file. Use of T-shark to remove residues from PAPT file
Comments
Post a Comment