Forensic investigation into Mac OS X volatile memory
Coppock, Tom and Gan, Diane ORCID: 0000-0002-0920-7572 (2013) Forensic investigation into Mac OS X volatile memory. In: Cyberforensics Perspectives : Proceedings of the 3rd International Conference on Cybercrime, Security and Digital Forensics (Cyberforensics 2013). University of Strathclyde Publishing, Strathclyde, Scotland, UK, pp. 65-72. ISBN 0-947649-97-5
PDF (Publisher's PDF - Open Access): 11706 GAN_Forensic_Investigation_Volatile_Memory_2013.pdf - Published Version (374kB)
Abstract
An important area for forensic investigations is live memory analysis captured from a running machine. The RAM may provide an in-depth picture of the system when it was seized, which could reveal many vital pieces of evidence otherwise unobtainable on the computer hard disk. Research in this area is relatively low on all platforms, but especially for Mac OS X. The aim of this work was to investigate volatile memory analysis for a Mac and to develop a tool, called VolaGUI, to assist forensic examiners when analyzing volatile memory.
Item Type: | Conference Proceedings |
---|---|
Title of Proceedings: | Cyberforensics Perspectives : Proceedings of the 3rd International Conference on Cybercrime, Security and Digital Forensics (Cyberforensics 2013) |
Uncontrolled Keywords: | Mac OS X, forensics, RAM Dump, VolaGUI, Volafox, mach-o, linear |
Subjects: | Q Science > QA Mathematics > QA75 Electronic computers. Computer science |
Faculty / School / Research Centre / Research Group: | Faculty of Engineering & Science > Internet of Things and Security Research Centre (ISEC); Faculty of Engineering & Science > School of Computing & Mathematical Sciences (CMS); Faculty of Engineering & Science |
Last Modified: | 04 Mar 2022 13:08 |
URI: | http://gala.gre.ac.uk/id/eprint/11706 |