
I have managed to extract the volatile memory from the Android emulator using LiME and am using Volatility to further analyze the memory.

After running the command:

$ python vol.py --profile=LinuxGoldfish3_4ARM -f /path/to/lime.dump linux_pslist

I received the following:

Volatility Foundation Volatility Framework 2.3.1
Offset     Name                 Pid             Uid             Gid    DTB        Start Time
---------- -------------------- --------------- --------------- ------ ---------- ----------

May I know why nothing is being returned?

Mel Chua

1 Answer


I would make extra sure that the profile you're using reflects the kernel that is running on your device. I had this same problem when creating a volatility profile that used a System.map file which didn't quite match what was on my Samsung S2 I9100T.

If you're interested in testing on a real device (or using a custom ROM in your emulator environment), I followed these build guides with the appropriate ROM and kernel downloaded from the cyanogenmod git repo and was able to dump memory using LiME and then successfully analyse it in volatility.

skyjacks
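One way to run the check the answer recommends, as an added example that is not part of the original answer: it parses a LiME-format dump (assumed to be taken with `format=lime`), finds the kernel's "Linux version" banner, and tests whether it sits at the same page offset as `linux_banner` in the System.map used to build the profile. The function names, the 4 KiB page size and the sample addresses are assumptions of this example; a match is necessary but not sufficient for the profile to fit.

```python
import re
import struct
LIME_MAGIC = 0x4C694D45                  # magic of every LiME range header
LIME_HDR = struct.Struct("<IIQQ8x")      # magic, version, s_addr, e_addr, reserved
BANNER_RE = re.compile(rb"Linux version \d+\.\d+[^\x00\n]*")
PAGE_MASK = 0xFFF                        # assumes 4 KiB pages

def lime_ranges(dump):
    """Yield (file_offset, phys_start, length) for each range in a LiME-format dump."""
    pos = 0
    while pos + LIME_HDR.size <= len(dump):
        magic, _version, start, end = LIME_HDR.unpack_from(dump, pos)
        if magic != LIME_MAGIC:
            raise ValueError("no LiME range header at offset %d" % pos)
        length = end - start + 1         # e_addr is inclusive
        yield pos + LIME_HDR.size, start, length
        pos += LIME_HDR.size + length

def find_banners(dump):
    """Return [(physical_address, banner_text)] for each kernel banner in the dump."""
    hits = []
    for off, phys, length in lime_ranges(dump):
        for m in BANNER_RE.finditer(dump, off, off + length):
            hits.append((phys + m.start() - off, m.group().decode("ascii", "replace")))
    return hits

def symbol_address(system_map_text, name="linux_banner"):
    """Return the virtual address of a symbol from System.map text, or None."""
    for line in system_map_text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[2] == name:
            return int(parts[0], 16)
    return None

def profile_matches(dump, system_map_text):
    """Necessary check: a banner in the dump shares linux_banner's page offset."""
    addr = symbol_address(system_map_text)
    if addr is None:
        return False
    return any((p & PAGE_MASK) == (addr & PAGE_MASK) for p, _ in find_banners(dump))

if __name__ == "__main__":
    # Constructed sample: one range at physical 0x10000000 with a banner at +0x1234.
    banner = b"Linux version 3.4.0-constructed #1"
    seg = bytes(0x1234) + banner
    dump = LIME_HDR.pack(LIME_MAGIC, 1, 0x10000000, 0x10000000 + len(seg) - 1) + seg
    print(find_banners(dump))
    print(profile_matches(dump, "c0523234 R linux_banner\n"))   # same page offset
    print(profile_matches(dump, "c0523a10 R linux_banner\n"))   # stale System.map
```

For a real dump, pass an `mmap.mmap` of the file rather than reading it into memory; the functions accept any bytes-like object. The banner text itself also shows which kernel version and build the dump came from, which can be compared against the kernel tree the profile was built from.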