Memory Forensics and the Macintosh OS X Operating System
Author: | Neil C. Rowe, Michael McCarrin, Charles B. Leopard |
---|---|
Year of publication: | 2018 |
Subject: | Computer science; Digital forensics; 020207 software engineering; 02 engineering and technology; Work in process; computer.software_genre; Memory forensics; 0202 electrical engineering, electronic engineering, information engineering; OS X; Operating system; 020201 artificial intelligence & image processing; Memory acquisition; computer; Reliability (statistics) |
Source: | Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering ISBN: 9783319736969 ICDF2C |
DOI: | 10.1007/978-3-319-73697-6_13 |
Description: | Memory acquisition is essential to defeat anti-forensic operating system features and investigate clever cyberattacks that leave little or no evidence on physical storage media. The forensic community has developed tools to acquire physical memory from Apple’s Macintosh computers, but they have not much been tested. This work in progress tested three major OS X memory-acquisition tools. Although all tools tested could capture system memory in most cases, the open-source tool OSXPmem bettered its proprietary counterparts in reliability and support for memory configurations and versions of the OS X operating system. |
Database: | OpenAIRE |