Open Access. Powered by Scholars. Published by Universities.®
Physical Sciences and Mathematics Commons™
Journal of Digital Forensics, Security and Law
Digital forensics; acquisition; main memory; Macintosh; OSX; testing
Articles 1 - 1 of 1
Full-Text Articles in Physical Sciences and Mathematics
Testing Memory Forensics Tools for the Macintosh OS X Operating System, Charles B. Leopard, Neil C. Rowe, Michael R. McCarrin
Journal of Digital Forensics, Security and Law
Memory acquisition is essential to defeat anti-forensic operating-system features and investigate cyberattacks that leave little or no evidence in secondary storage. The forensic community has developed tools to acquire physical memory from Apple's Macintosh computers, but they have not much been tested. This work tested three major OS X memory-acquisition tools. Although the tools could capture system memory accurately, the open-source tool OSXPmem appeared advantageous in size, reliability, and support for memory configurations and versions of the OS X operating system.