Wouter & Craig, The pi-getram utility in the pilot-link package dumps the full contents of RAM from a Palm device. Therefore, this may not work with Psion Revo: # pi-getram /dev/cua0 ram.dump.081301 There are tools available to law enforcement that allow for more advanced analysis of a wider range of embedded systems. I expect that these tools will become more widely available as the need increases. Eoghan Casey Information Security Office Yale University > For Palm, a plain sync with pilot-link (Unix) will create a full copy of > everything the PDA deems "active" data (including records marked > "deleted but save on PC"). It will not copy unallocated memory. For > that, one would have to either use the built-in debugger if the Palm by > accident has a debug ROM (see @Stake advisory for this) which is best as > it does not disturb the data on the device (and bypasses the sync > password). If not, you will have to install a memory dumping program to > do this for you, thereby disturbing the state on the PDA and erasing at > least the amount of memory needed for the dumping program. Such programs > are available for development. > > With kind regards, > Wouter Slegers > Your Creative Solutions ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Aug 13 2001 - 15:32:20 PDT