Hello )
Reading this post, I noticed that you talked about the FireWire method for acquiring the memory. Can you point me to some tools that can handle this?
I looked at raw1394 and 1394memdump, but are these tools compatible with a Mac target machine, or are there specific ones?
Thanks )
Jon,
Hmm, I believe this has more to do with encrypting virtual memory and/or wiping memory between reboots; Vista has a similar option.
WRT Vista…which options?
Thanks.
Hi Doug,
I was just looking into this the other day. Didn't find anything yet, although Matthieu Suiche recently presented an interesting paper on "Advanced Mac OS X Physical Memory Analysis" at BlackHat
http//
He might be working on a tool…
Same sort of problem exists with Linux since they updated the kernel a year or so ago. Some of the folks I met at DFRWS last summer are apparently working on Linux memory dump techniques/tools.
If you come across anything that works, I'd appreciate it if you could give me a shout so I can include it in the next Live Analysis Workshop.
Eric
Greetings,
We'd all appreciate a shout, publicly or via PM….
-David