Research Article
Memory Forensics and the Macintosh OS X Operating System
@INPROCEEDINGS{10.1007/978-3-319-73697-6_13,
  author={Charles Leopard and Neil Rowe and Michael McCarrin},
  title={Memory Forensics and the Macintosh OS X Operating System},
  proceedings={Digital Forensics and Cyber Crime. 9th International Conference, ICDF2C 2017, Prague, Czech Republic, October 9-11, 2017, Proceedings},
  proceedings_a={ICDF2C},
  year={2018},
  month={1},
  keywords={Digital forensics Acquisition Main memory Apple Macintosh OSX Testing MacQuisition OSXPMem RECON Reserved area},
  doi={10.1007/978-3-319-73697-6_13}
}
- Charles Leopard
- Neil Rowe
- Michael McCarrin
Year: 2018
ICDF2C
Springer
DOI: 10.1007/978-3-319-73697-6_13
Abstract
Memory acquisition is essential to defeat anti-forensic operating system features and investigate clever cyberattacks that leave little or no evidence on physical storage media. The forensic community has developed tools to acquire physical memory from Apple’s Macintosh computers, but they have not been tested much. This work in progress tested three major OS X memory-acquisition tools. Although all tools tested could capture system memory in most cases, the open-source tool OSXPmem bettered its proprietary counterparts in reliability and support for memory configurations and versions of the OS X operating system.