Dump mac osx memory for analysis

broken image
broken image

Using a Hex Editor I could also find the output of some of the commands I had previously run on a terminal before acquiring the contents of my Mac's RAM: Today I'll provide a few more examples of what evidence can be found in a Mac OS X memory dump and how to extract it using file carving techniques. In Part 1 of this post, I showed you how to acquire the contents of physical RAM of a Mac OS X computer using ATC-NY's Mac Memory Reader, and did some simple analysis using strings and grep searches.

 

PreviousNext
Cookie Use
We use cookies to improve browsing experience, security, and data collection. By accepting, you agree to the use of cookies for advertising and analytics. You can change your cookie settings at any time. Learn More
Accept all
Settings
Decline All
Cookie Settings
Necessary Cookies
These cookies enable core functionality such as security, network management, and accessibility. These cookies can’t be switched off.
Analytics Cookies
These cookies help us better understand how visitors interact with our website and help us discover errors.
Preferences Cookies
These cookies allow the website to remember choices you've made to provide enhanced functionality and personalization.
Save