Table 2 Different Volatility plug-ins and their runtime using a dump file and the BMA
From: A flexible framework for mobile device forensics based on cold boot attacks
Plug-in | Results (LiME dump) | Results (BMA) | Time (LiME dump) | Time (BMA) | |
|---|---|---|---|---|---|
linux_pslist | 230 entries | 225 entries | 03.54 s | 24.23 s | |
linux_iomem | 138 entries | 138 entries | 02.18 s | 08.97 s | |
linux_proc_maps (init) | 9 entries | 9 entries | 02.00 s | 06.03 s | |
linux_dump_maps (init, heap) | 340.0 KB | 340.0 KB | 01.98 s | 35.84 s | |
linux_dump_maps (init, stack) | 139.3 KB | 139.3 KB | 01.94 s | 07.02 s | |
linux_proc_maps (rild) | 156 entries | 156 entries | 05.38 s | 18.55 s | |
linux_dump_maps (rild, heap) | 380.9 KB | 380.9 KB | 02.05 s | 41.48 s | |
linux_dump_maps (rild, stack) | 139.3 KB | 139.3 KB | 02.06 s | 08.29 s |