volatilityfoundation / volatility3

Volatility 3.0 development
http://volatilityfoundation.org/

How to analyse individual dump files? #1134

Closed yassine955 closed 5 months ago

yassine955 commented 5 months ago

I have dumped a process, like this: python3 volatility3/vol.py -vvvvvvv -r pretty -f $path/avml_dump.lime -o pid_${digit}_dump/ linux.elfs --pid $digit --dump

I now receive a bunch of files of that specific process, example: pid.9241.crime.securesms.0x778a81943000.dmp

How can I now analyse these files further, to look for my traces? Should I really analyse each file separately with strings <file>?

eve-mem commented 5 months ago

Hello!

That's a whole new set of tools for analysis. You'll likely need to do some reverse engineering. Tools like Ghidra, etc., can help. It depends on your goals really.

Strings isn't going to hurt and can certainly point you in the right direction.

Good luck!
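As an added example (not from this thread or the Volatility project), the script below applies the strings approach to every region dump at once rather than one file at a time: it parses the linux.elfs dump filename convention seen above (pid.<pid>.<comm>.<base address>.dmp) so each hit is reported with its original virtual address, and it searches all regions for a keyword. The sample dump files are constructed in a temporary directory; the second file's base address is an assumed value.

```python
import re
import tempfile
from pathlib import Path

# Filename convention of the per-region dumps produced by linux.elfs --dump,
# as seen in the thread: pid.<pid>.<comm>.<region start, hex>.dmp
DUMP_NAME = re.compile(r"^pid\.(?P<pid>\d+)\.(?P<comm>.+)\.(?P<base>0x[0-9a-fA-F]+)\.dmp$")


def parse_dump_name(name):
    """Return (pid, comm, base address) from a dump filename, or None if it does not match."""
    m = DUMP_NAME.match(name)
    if not m:
        return None
    return int(m.group("pid")), m.group("comm"), int(m.group("base"), 16)


def scan_dump(path, min_len=8):
    """Return (virtual address, string) for every run of printable ASCII in one region dump.

    The file offset is added to the region's base address so hits can be
    correlated with proc.maps output or a debugger view of the live process."""
    info = parse_dump_name(path.name)
    base = info[2] if info else 0
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    data = path.read_bytes()
    return [(base + m.start(), m.group().decode("ascii")) for m in pattern.finditer(data)]


def grep_dumps(dump_dir, needle, min_len=8):
    """Search every region dump in a directory; return (filename, hex address, string) hits."""
    hits = []
    for path in sorted(Path(dump_dir).glob("pid.*.dmp")):
        if parse_dump_name(path.name) is None:
            continue  # skip files that do not follow the dump naming convention
        for addr, s in scan_dump(path, min_len):
            if needle in s:
                hits.append((path.name, hex(addr), s))
    return hits


def build_sample_dir():
    """Constructed sample dumps (not real process memory) so the script runs offline."""
    d = Path(tempfile.mkdtemp())
    region1 = b"\x00" * 16 + b"Hello from the dump" + b"\x00" * 8 + b"ab" + b"\x00" * 4
    region2 = b"\xff" * 32 + b"another marker string" + b"\x00" * 7
    (d / "pid.9241.crime.securesms.0x778a81943000.dmp").write_bytes(region1)
    # Second region address is an assumed value, not taken from the thread.
    (d / "pid.9241.crime.securesms.0x7f0000000000.dmp").write_bytes(region2)
    (d / "notes.txt").write_text("ignored: not a region dump")
    return d
```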

yassine955 commented 5 months ago

What if I have the process, which is a Signal application? How can I find messages? I read that the best option is proc.maps.

ikelos commented 5 months ago

You might get better support by asking on our slack channels? What you've posted isn't really an issue or a feature request...

yassine955 commented 5 months ago

@ikelos I asked the question on the Slack channel.