AVML v0.13 releases: Acquire Volatile Memory for Linux
Acquire Volatile Memory for Linux (AVML)
AVML is an X86_64 userland volatile memory acquisition tool written in Rust, intended to be deployed as a static binary. AVML can be used to acquire memory without knowing the target OS distribution or kernel a priori. No on-target compilation or fingerprinting is needed.
Features
- Save recorded images to external locations via Azure Blob Store or HTTP PUT
- Automatic Retry (in case of network connection issues) with exponential backoff for uploading to Azure Blob Store
- Optional page-level compression using Snappy.
- Uses LiME output format (when not using compression).
Memory Sources
- /dev/crash
- /proc/kcore
- /dev/mem
If the memory source is not specified on the commandline, AVML will iterate over the memory sources to find a functional source.
Changelog v0.13
- update dependencies (#363), (#364), (#366), (#367), (#372), (#375), (#377), (#378), (#379), (#383), (#384), (#385), (#386), (#388), (#390), (#391), (#392), (#393), (#394), (#395), (#396), (#397), (#398), (#400)
- address clippy issues from 1.72.0 (#374)
- group azure dependencies together (#387)
- update github actions via dependabot (#389)
- update minimum supported rust version (#399)
- prep 0.13.0 release (#401)
Install && Use
Copyright (c) Microsoft Corporation. All rights reserved.
