Table 2 Different Volatility plug-ins and their runtime using a dump file and the BMA

From: A flexible framework for mobile device forensics based on cold boot attacks

| Plug-in | Results (LiME dump) | Results (BMA) | Time (LiME dump) | Time (BMA) |
|---|---|---|---|---|
| linux_pslist | 230 entries | 225 entries | 03.54 s | 24.23 s |
| linux_iomem | 138 entries | 138 entries | 02.18 s | 08.97 s |
| linux_proc_maps (init) | 9 entries | 9 entries | 02.00 s | 06.03 s |
| linux_dump_maps (init, heap) | 340.0 KB | 340.0 KB | 01.98 s | 35.84 s |
| linux_dump_maps (init, stack) | 139.3 KB | 139.3 KB | 01.94 s | 07.02 s |
| linux_proc_maps (rild) | 156 entries | 156 entries | 05.38 s | 18.55 s |
| linux_dump_maps (rild, heap) | 380.9 KB | 380.9 KB | 02.05 s | 41.48 s |
| linux_dump_maps (rild, stack) | 139.3 KB | 139.3 KB | 02.06 s | 08.29 s |