Testing Memory Forensics Tools for the Macintosh OS X Operating System
Author
Leopard, Charles B.
Rowe, Neil C.
McCarrin, Michael R.
Date
2018-03-31Metadata
Show full item recordAbstract
Memory acquisition is essential to defeat anti-forensic operating-system features and investigate
cyberattacks that leave little or no evidence in secondary storage. The forensic community has
developed tools to acquire physical memory from Apple's Macintosh computers, but they have not
much been tested. This work tested three major OS X memory-acquisition tools. Although the
tools could capture system memory accurately, the open-source tool OSXPmem appeared
advantageous in size, reliability, and support for memory configurations and versions of the OS X
operating system.
Description
A shortened version
of this paper appeared in the Proceedings of the Ninth EAI International Conference on Digital Forensics and
Computer Crime, Prague, Czech Republic, October 2017.
The article of record as published may be found at http://dx.doi.org/10.15394/jdfsl.2018.1491
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.Collections
Related items
Showing items related by title, author, creator and subject.
-
Designing a virtual-memory implementation using the Motorola MC68010 16 bit microprocessor with multi-processor capability interfaced to the VMEbus
Sendek, David M. (Monterey, California: Naval Postgraduate School, 1990-06);The primary purpose of this thesis is to explore and discuss the hardware design of a bus-oriented microprocessor system. A bus-oriented microprocessor system permits it to be expanded to a multi-processor system. Through ... -
Active Position Control of a Shape Memory Alloy Wire Actuated Beam
Song, G.; Kelly, B.; Agrawal, B.N. (1999);This paper presents the design and experiment results of active position control of a shape memory alloy (SMA) wires actuated composite beam. The composite beam is honeycomb structured with shape memory alloy wires embedded ... -
A pipelined vector processor and memory architecture for cyclostationary processing
Bernstein, Raymond F. (Monterey, California. Naval Postgraduate School, 1995-12);This work describes a scaleable, high performance, pipelined, vector processor architecture. Special emphasis is placed on performing fast Fourier transforms with mixed-radix butterfly operations. The initial motivation ...