Dump Mac OS X memory for analysis

This article is an overview of current methods and tools for volatile memory analysis of an Apple Mac OS X system; additional references for each subject are listed. This is not a guide for dumping or analysing memory.

The forensic analysis of a computer involves many complex and delicate tasks. To make an accurate and reliable copy of the data stored on hard disks, there are well documented and reliable procedures. The reasons are simple: the acquisition procedure is quite easy, so an expert is not strictly required, and there are plenty of examination tools available on the market that can be used to investigate the collected data. More complex and unreliable is the acquisition of volatile memory.

The Random-Access Memory (RAM) is an area of the computer which is used to store data while the computer is working on it. A large amount of sensitive clear-text information resides only in RAM, on the assumption that the OS will prevent unauthorized access and that the content will be unavailable once the computer is powered off. It is quite obvious that we can lose evidence if we omit volatile data during an acquisition procedure. Additionally, a growing number of infections show us that the memory content will be the only place where evidence can be found.

From a forensic perspective, RAM is extremely important, because it gives an idea of what the computer was doing at the time of analysis. With the increasing number of Apple Macintosh computers in the industry, the investigation of Mac OS X RAM content is becoming very important.

Most standards and best practice guidelines, such as the “Computer Security Incident Handling Guide” from NIST or RFC 3227 “Guidelines for Evidence Collection and Archiving”, include procedures for gathering volatile data: current network connections, running processes, user sessions, kernel parameters, open files, etc. The problem is that to acquire data, some tools like netstat, lsof, ifconfig must be executed.