RAM Dump Analysis for Apple OS X Systems

Kudos to Kyeong-Sik Lee and the Korean Digital Forensic Research Center for providing what I believe is the first publicly available tool for doing RAM dump analysis for Apple OS X systems. The new tool – volafox – isn’t as evolved as its Windows counterparts (HBGary Responder, MANDIANT Memoryze/Redline, or the Volatility Framework), but it is a great start. Volafox can be obtained from the link below.

References:
http://code.google.com/p/volafox/
http://computer.forensikblog.de/en/2011/06/mac_os_x_memory_analysis_with_volafox.html
http://blackhat.com/presentations/bh-dc-10/Suiche_Matthieu/Blackhat-DC-2010-Advanced-Mac-OS-X-Physical-Memory-Analysis-wp.pdf

email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Twitter: twitter.com/patchmanagement
