Testing Memory Forensics Tools for the Macintosh OS X Operating System
Author: | Charles B. Leopard, Neil C. Rowe, Michael McCarrin |
---|---|
Contributors: | Naval Postgraduate School (U.S.), Computer Science (CS) |
Year of publication: | 2018 |
Subject: | Computer science; Digital forensics; acquisition; 020207 software engineering; 02 engineering and technology; General Medicine; computer.software_genre; Memory forensics; Macintosh; testing; OSX; 0202 electrical engineering, electronic engineering, information engineering; OS X; Operating system; main memory; 020201 artificial intelligence & image processing; computer |
Description: | A shortened version of this paper appeared in the Proceedings of the Ninth EAI International Conference on Digital Forensics and Computer Crime, Prague, Czech Republic, October 2017. The article of record as published may be found at http://dx.doi.org/10.15394/jdfsl.2018.1491. Memory acquisition is essential to defeat anti-forensic operating-system features and investigate cyberattacks that leave little or no evidence in secondary storage. The forensic community has developed tools to acquire physical memory from Apple's Macintosh computers, but they have not much been tested. This work tested three major OS X memory-acquisition tools. Although the tools could capture system memory accurately, the open-source tool OSXPmem appeared advantageous in size, reliability, and support for memory configurations and versions of the OS X operating system. |
Database: | OpenAIRE |
External link: |