MAC memory dump

Marksman1969 · 2018-05-15T08:33:27Z

I have used Blackbag's Macquisition to dump RAM on a running Macbook, using their soft reboot option. However, I am still searching for other tools (or commands) that get the job done. Windows has a lot of (free) tools, Mac hasn't. Does anybody know any working tool and than of course, working on (High)Sierra. I can't get Rekall/osxpmem working. Is Surumi Recon Imager any good?

Page 2 / 2 Prev

General (Technical, Procedural, Software, Hardware etc.)

Last Post by Beleka 7 years ago

12 Posts

11 Users

0 Reactions

10.7 K Views

RSS

keydet89

(@keydet89)

Famed Member

Joined: 21 years ago

Posts: 3568

14/07/2018 12:00 pm

I will also agree with the above comments.

Unless I missed something or some messages were deleted, the original poster seems to be asking about dumping memory from a Mac, not performing analysis of a memory dump.

Where between the original post and the first response did the context change?

ReplyQuote

Beleka

(@beleka)

Eminent Member

Joined: 8 years ago

Posts: 29

13/09/2018 1:11 pm

https://ponderthebits.com/2017/02/osx-mac-memory-acquisition-and-analysis-using-osxpmem-and-volatility/

You can follow this guide to extract and create the profile associated with your Mac. I tried it on different distributions and builds, and it worked perfectly.

About analysis in my opinion, the best choice is extracting RAW memory from the AFF4 format rekall create, and analyze it with Volatility.

Regards

ReplyQuote

Page 2 / 2 Prev

8 Forums
15.7 K Topics
92.3 K Posts
157 Online
41.1 K Members

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed