AVML v0.13 releases: Acquire Volatile Memory for Linux

Acquire Volatile Memory for Linux (AVML)

AVML is an X86_64 userland volatile memory acquisition tool written in Rust, intended to be deployed as a static binary. AVML can be used to acquire memory without knowing the target OS distribution or kernel a priori. No on-target compilation or fingerprinting is needed.

Features

• Save recorded images to external locations via Azure Blob Store or HTTP PUT
• Automatic Retry (in case of network connection issues) with exponential backoff for uploading to Azure Blob Store
• Optional page-level compression using Snappy.
• Uses LiME output format (when not using compression).

Memory Sources

• /dev/crash
• /proc/kcore
• /dev/mem

If the memory source is not specified on the commandline, AVML will iterate over the memory sources to find a functional source.

Changelog v0.13

• update dependencies (#363), (#364), (#366), (#367), (#372), (#375), (#377), (#378), (#379), (#383), (#384), (#385), (#386), (#388), (#390), (#391), (#392), (#393), (#394), (#395), (#396), (#397), (#398), (#400)
• address clippy issues from 1.72.0 (#374)
• group azure dependencies together (#387)
• update github actions via dependabot (#389)
• update minimum supported rust version (#399)
• prep 0.13.0 release (#401)

Install && Use

Copyright (c) Microsoft Corporation. All rights reserved.