MAC memory dump

Forensic software discussion (commercial and open source/freeware). Strictly no advertising.
  

Re: MAC memory dump

Post Posted: Wed May 16, 2018 11:38 am

- pr3cur50r
Axiom now has Volatility support also. :)


Have you tried a Mac RAM dump in AXIOM since the Volatility support?

I have, and it wasn't able to parse the RAM dump.

dandaman_24
Senior Member
 
 
  

Re: MAC memory dump

Post Posted: Wed May 16, 2018 12:20 pm

- dandaman_24
- pr3cur50r
Axiom now has Volatility support also. :)


Have you tried a Mac RAM dump in AXIOM since the Volatility support?

I have, and it wasn't able to parse the RAM dump.


The new Mac profiles came out after we released our support with Volatility; we'll update to include the new profiles in the next update, I believe.

If you want to add them before then, you can get the new Volatility executable that includes the new Mac profiles, go to the AXIOM install folder, and swap out the Volatility executable for the new one, and it should work. The exe swap works pretty great if you want to use beta/test builds from Volatility too.

Jamie McQuaid
Magnet Forensics  

mcman
Senior Member
 
 
  

Re: MAC memory dump

Post Posted: Fri Jul 13, 2018 7:00 am

Another option is the pmem suite of tools here. Volatility has support for the format as does Google's Rekall.
_________________
Hoyt Harness, CFCE
-----------------
github.com/hoyt-harness
positronikal.github.io/
thepositronikal.blogspot.com/
www.revealforensic.com/ 

hoyt.harness
Newbie
 
 
  

Re: MAC memory dump

Post Posted: Sat Jul 14, 2018 5:00 am

- jv89
I will also agree with the above comments.


Unless I missed something or some messages were deleted, the original poster seems to be asking about dumping memory from a Mac, not performing analysis of a memory dump.

Where between the original post and the first response did the context change?  

keydet89
Senior Member
 
 
