Macs don’t get much love in the forensics community, aside from Sarah Edwards, Patrick Olsen, Patrick Wardle, and a few other incredibly awesome pioneers in the field. We see blog posts all the time about Windows forensics and malware analysis techniques, along with some Linux forensic analysis, but rarely do we see any posts about Mac technical/forensic analysis or techniques. I find this odd, considering the surge in Mac usage and deployment over the last several years, particularly within enterprises. Well, with my most recent two-part Mac post as well as this one, I’m attempting to change this, my friends! Macs need love and disk/memory analysis as well, amirite?

Let’s have a look at memory acquisition of OS X systems using a nifty tool called OSXpmem. OSXpmem is part of the pmem suite created by the developers of Rekall. Rekall itself is a very useful framework built for both memory acquisition and live memory analysis on Windows, Linux, and OS X systems. While I will be delving into Rekall in a future post, here we will focus on OSXpmem, an awesome command-line utility for quickly and easily collecting RAM from a Mac. One of its greatest features is its output to an AFF4 volume, a container format that compresses the image and stores metadata alongside it (and which will likely get a dedicated post in the future as well).

So, what’s the easiest way to get up and running with the tool for memory acquisition?
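As an added example (not code from the original post or from the Rekall project), here is a small POSIX shell wrapper that drives an OSXpmem acquisition into an AFF4 volume with the pre-flight checks a responder wants: running as root, the bundle owned by root:wheel so the kext will load, a collision-free image name, a hash of the result for chain of custody, and unloading the driver afterwards. The bundle path, the `-o`/`-c`/`-u` flags and the `snappy` compression name are assumptions here; verify them against `osxpmem -h` on the copy you downloaded before using this on a live system.

```shell
#!/bin/sh
# Added example (not from the original post or the Rekall project):
# a thin wrapper around OSXpmem that acquires RAM into an AFF4 volume.
# Assumptions: the unpacked release bundle lives at $PMEM_APP, and the
# osxpmem flags -o (output), -c (compression) and -u (unload driver)
# match your version. Check `osxpmem -h` before relying on them.

PMEM_APP="${PMEM_APP:-/tmp/osxpmem.app}"

# Image name that encodes host and UTC time so repeated captures from
# one engagement never collide and sort chronologically.
#   $1 = short hostname, $2 = timestamp (passed in so it is testable)
image_name() {
    printf '%s_%s.aff4' "$1" "$2"
}

# Build the acquisition command line as a string without running it,
# so the plan can be reviewed before anything touches the target.
#   $1 = output AFF4 path, $2 = compression (snappy/zlib/none, assumed)
build_acquire_cmd() {
    printf '%s -c %s -o %s' "$PMEM_APP/osxpmem" "$2" "$1"
}

# Pre-flight: loading MacPmem.kext needs root, and kextload refuses a
# bundle not owned by root:wheel, so fix ownership up front.
preflight() {
    [ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; return 1; }
    [ -x "$PMEM_APP/osxpmem" ] || { echo "no osxpmem at $PMEM_APP" >&2; return 1; }
    chown -R root:wheel "$PMEM_APP"
}

acquire() {
    out=$(image_name "$(hostname -s)" "$(date -u +%Y%m%dT%H%M%SZ)")
    preflight || return 1
    echo "running: $(build_acquire_cmd "$out" snappy)" >&2
    # osxpmem loads its own kext, reads physical memory and writes AFF4.
    "$PMEM_APP/osxpmem" -c snappy -o "$out" || return 1
    # Leave the host as we found it: unload the driver.
    "$PMEM_APP/osxpmem" -u
    # Hash the image next to it for chain of custody.
    shasum -a 256 "$out" | tee "$out.sha256"
}

case "${1:-}" in
    plan) build_acquire_cmd "$(image_name "$(hostname -s)" "$(date -u +%Y%m%dT%H%M%SZ)")" snappy; echo ;;
    run)  acquire ;;
    *)    ;;  # sourced or run without a verb: define functions only
esac
```

`sh pmem_acquire.sh plan` prints the exact command that would run; `sudo sh pmem_acquire.sh run` performs the acquisition. Newer macOS releases enforce kext signing and System Integrity Protection, so if MacPmem.kext refuses to load, that is the first thing to check, not the wrapper.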