Dalvik Inspector (DI) Alpha

Welcome download page for Dalvik Inspector (DI) Alpha!

Dalvik Inspector (DI) Alpha is a free, cross-platform GUI tool for analysis of Dalvik-level objects from dumps of physical RAM from Android devices. RAM dumps can be acquired using Lime, and parsing makes use the Volatility Framework.

Dalvik is the process Virtual Machine used by Android that powers all non-native applications used on Android devices. Through memory analysis using DI, a wealth of insight can be gained into the workings of a running application, including seeing all instantiated objects (of each class) and the variables, methods, and other per-instance class information. Analysis of structures at this level allows investigators to see internal application-level state in its “native” form. This is an important evolution in state of cutting edge memory forensics, which allows the investigator to move above the kernel level and see higher-level structures in readable form and with broad context.

Platforms: Windows, Linux (tested on Ubuntu), and OS X