Forums
Main Category
General (Technical,...
Volatility Framewor...
 
Notifications
Clear all

Volatility Framework - Mac OS X Profile

 
General (Technical, Procedural, Software, Hardware etc.)
Last Post by royankit 3 years ago
3 Posts
3 Users
0 Reactions
3,337 Views
RSS
citizen
 citizen
(@citizen)
Eminent Member
Joined: 10 years ago
Posts: 38
Topic starter 16/08/2018 7:15 pm  

Hello,

Does anyone know if downloading the symbols for older MAC OS X versions and building a profile from a updated MAC OS X device works? I recently had a slew of failures attempting this on my own. But I suspect my memory images are the issue…

https://github.com/volatilityfoundation/volatility/wiki/Mac#creating-a-profile

I am interpreting what I am reading that following the steps in the link should be sufficient from any base OS version of MAC OS X.


   
Quote
Beleka
 Beleka
(@beleka)
Eminent Member
Joined: 8 years ago
Posts: 29
13/09/2018 1:15 pm  

I create the profiles using this tutorial https://ponderthebits.com/2017/02/osx-mac-memory-acquisition-and-analysis-using-osxpmem-and-volatility/

I use my macOS workstation to create the different profiles, changing the DebugKit to the distribution and build i want to create that profile for (this is better choice to have the profiles ready before an incident appear and avoid the corruption of the target machine).

I hope i helped you, Regards,

Sergio.


   
ReplyQuote
 royankit
(@royankit)
Active Member
Joined: 3 years ago
Posts: 10
11/03/2022 12:09 pm  

Thanks Beleka,

 Your suggestion really helped me. Is anyone has the additional information?


   
ReplyQuote
Forum Jump:
  Previous Topic
Next Topic  
Share: