Skip to main content
Journal ArticleOPEN ACCESS

Testing Memory Forensics Tools for the Macintosh OS X Operating System

  • Leopard C
  • Rowe N
  • McCarrin M
The Journal of Digital Forensics, Security and Law (2018)
DOI: 10.15394/jdfsl.2018.1491
N/ACitations
Citations of this article
11Readers
Mendeley users who have this article in their library.

Abstract

Memory acquisition is essential to defeat anti-forensic operating-system features and investigate cyberattacks that leave little or no evidence in secondary storage. The forensic community has developed tools to acquire physical memory from Apple's Macintosh computers, but they have not much been tested. This work tested three major OS X memory-acquisition tools. Although the tools could capture system memory accurately, the open-source tool OSXPmem appeared advantageous in size, reliability, and support for memory configurations and versions of the OS X operating system.

Cite

CITATION STYLE

APA

Leopard, C., Rowe, N., & McCarrin, M. (2018). Testing Memory Forensics Tools for the Macintosh OS X Operating System. The Journal of Digital Forensics, Security and Law. https://doi.org/10.15394/jdfsl.2018.1491

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free