Volatility Framewor...
 
Notifications
Clear all

Volatility Framework - Mac OS X Profile

3 Posts
3 Users
0 Likes
2,859 Views
citizen
(@citizen)
Posts: 38
Eminent Member
Topic starter
 

Hello,

Does anyone know if downloading the symbols for older MAC OS X versions and building a profile from a updated MAC OS X device works? I recently had a slew of failures attempting this on my own. But I suspect my memory images are the issue…

https://github.com/volatilityfoundation/volatility/wiki/Mac#creating-a-profile

I am interpreting what I am reading that following the steps in the link should be sufficient from any base OS version of MAC OS X.

 
Posted : 16/08/2018 6:15 pm
Beleka
(@beleka)
Posts: 29
Eminent Member
 

I create the profiles using this tutorial https://ponderthebits.com/2017/02/osx-mac-memory-acquisition-and-analysis-using-osxpmem-and-volatility/

I use my macOS workstation to create the different profiles, changing the DebugKit to the distribution and build i want to create that profile for (this is better choice to have the profiles ready before an incident appear and avoid the corruption of the target machine).

I hope i helped you, Regards,

Sergio.

 
Posted : 13/09/2018 12:15 pm
(@royankit)
Posts: 10
Active Member
 

Thanks Beleka,

 Your suggestion really helped me. Is anyone has the additional information?

 
Posted : 11/03/2022 11:09 am
Share: