SANS Digital Forensics and Incident Response Blog: Daily Archives: Jan 28, 2011

Mac OS Forensics How-To: Simple RAM Acquisition and Analysis with Mac Memory Reader (Part 1)

A simple how-to on capturing contents of physical RAM on Mac OS computer using Mac Memory Reader. I will demonstrate how incident responders can do a simple analysis on the resulting binary file using strings, a hex-editor and foremost. Continue reading Mac OS Forensics How-To: Simple RAM Acquisition and Analysis with Mac Memory Reader (Part 1)