AVML v0.13 releases: Acquire Volatile Memory for Linux

Acquire Volatile Memory for Linux (AVML)

AVML is an X86_64 userland volatile memory acquisition tool written in Rust, intended to be deployed as a static binary. AVML can be used to acquire memory without knowing the target OS distribution or kernel a priori. No on-target compilation or fingerprinting is needed.

Acquire Volatile Memory for Linux


  • Save recorded images to external locations via Azure Blob Store or HTTP PUT
  • Automatic Retry (in case of network connection issues) with exponential backoff for uploading to Azure Blob Store
  • Optional page-level compression using Snappy.
  • Uses LiME output format (when not using compression).

Memory Sources

  • /dev/crash
  • /proc/kcore
  • /dev/mem

If the memory source is not specified on the commandline, AVML will iterate over the memory sources to find a functional source.

Changelog v0.13

Install && Use

Copyright (c) Microsoft Corporation. All rights reserved.