Memory forensics and the Macintosh OS X operating system
Leopard, Charles B.
Rowe, Neil C.
McCarrin, Michael R.
MetadataShow full item record
Memory acquisition is essential to defeat anti-forensic operating system features and investigate clever cyberattacks that leave little or no evidence on physical storage media. The forensic community has developed tools to acquire physical memory from Apple’s Macintosh computers, but they have not much been tested. This work in progress tested three major OS X memory-acquisition tools. Although all tools tested could capture system memory in most cases, the open-source tool OSXPmem bettered its proprietary counterparts in reliability and support for memory configurations and versions of the OS X operating system.
This paper appeared in the Proceedings of the 9th EAI International Conference on Digital Forensics and Computer Crime, Prague, CZ, October 2017.
Showing items related by title, author, creator and subject.
Song, G.; Kelly, B.; Agrawal, B.N. (1999);This paper presents the design and experiment results of active position control of a shape memory alloy (SMA) wires actuated composite beam. The composite beam is honeycomb structured with shape memory alloy wires embedded ...
Designing a virtual-memory implementation using the Motorola MC68010 16 bit microprocessor with multi-processor capability interfaced to the VMEbus Sendek, David M. (Monterey, California: Naval Postgraduate School, 1990-06);The primary purpose of this thesis is to explore and discuss the hardware design of a bus-oriented microprocessor system. A bus-oriented microprocessor system permits it to be expanded to a multi-processor system. Through ...
Bernstein, Raymond F. (Monterey, California. Naval Postgraduate School, 1995-12);This work describes a scaleable, high performance, pipelined, vector processor architecture. Special emphasis is placed on performing fast Fourier transforms with mixed-radix butterfly operations. The initial motivation ...