AVML v0.1.5 releases: Acquire Volatile Memory for Linux
Acquire Volatile Memory for Linux (AVML)
AVML is an X86_64 userland volatile memory acquisition tool written in Rust, intended to be deployed as a static binary. AVML can be used to acquire memory without knowing the target OS distribution or kernel a priori. No on-target compilation or fingerprinting is needed.
- Save recorded images to external locations via Azure Blob Store or HTTP PUT
- Automatic Retry (in case of network connection issues) with exponential backoff for uploading to Azure Blob Store
- Optional page-level compression using Snappy.
- Uses LiME output format (when not using compression).
If the memory source is not specified on the commandline, AVML will iterate over the memory sources to find a functional source.
- verify ‘cargo fmt’ on build
- handle force aligning to page boundaries for /dev/crash
- add conversion tests
Copyright (c) Microsoft Corporation. All rights reserved.