Testing Memory Forensics Tools for the Macintosh OS X Operating System
dc.contributor.author | Leopard, Charles B. | |
dc.contributor.author | Rowe, Neil C. | |
dc.contributor.author | McCarrin, Michael R. | |
dc.date | 3/31/2018 | |
dc.date.accessioned | 2019-02-01T20:25:35Z | |
dc.date.available | 2019-02-01T20:25:35Z | |
dc.date.issued | 2018-03-31 | |
dc.identifier.citation | Leopard, Charles B., Neil C. Rowe, and Michael R. McCarrin. "TESTING MEMORY FORENSICS TOOLS FOR THE MACINTOSH OS X OPERATING SYSTEM." The Journal of Digital Forensics, Security and Law: JDFSL 13.1 (2018): 31-42. | en_US |
dc.identifier.uri | https://hdl.handle.net/10945/61135 | |
dc.description | A shortened version of this paper appeared in the Proceedings of the Ninth EAI International Conference on Digital Forensics and Computer Crime, Prague, Czech Republic, October 2017. | |
dc.description | The article of record as published may be found at http://dx.doi.org/10.15394/jdfsl.2018.1491 | en_US |
dc.description.abstract | Memory acquisition is essential to defeat anti-forensic operating-system features and investigate cyberattacks that leave little or no evidence in secondary storage. The forensic community has developed tools to acquire physical memory from Apple's Macintosh computers, but they have not much been tested. This work tested three major OS X memory-acquisition tools. Although the tools could capture system memory accurately, the open-source tool OSXPmem appeared advantageous in size, reliability, and support for memory configurations and versions of the OS X operating system. | en_US |
dc.format.extent | 12 p. | en_US |
dc.publisher | Embry-Riddle Aeronautical University | en_US |
dc.rights | This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States. | en_US |
dc.title | Testing Memory Forensics Tools for the Macintosh OS X Operating System | en_US |
dc.type | Article | en_US |
dc.contributor.corporate | Naval Postgraduate School (U.S.) | en_US |
dc.contributor.department | Computer Science (CS) | |
dc.subject.author | digital forensics | en_US |
dc.subject.author | acquisition | en_US |
dc.subject.author | main memory | en_US |
dc.subject.author | Macintosh | en_US |
dc.subject.author | OSX | en_US |
dc.subject.author | testing | en_US |