Today I'll provide a few more examples of what evidence can be found in a Mac OS X memory dump and how to extract it using file carving techniques. In Part 1 of this post, I showed you how to acquire the contents of physical RAM of a Mac OS X computer using ATC-NY's Mac Memory Reader, and did some simple analysis using strings and grep searches.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |