Mac Memory Forensics – WeChat Analysis in a live system

The rapid growth in OS X usage has inspired forensic researchers to analyze devices such as the iPad, iPhone and Mac in depth. As a result, OS X forensics, starting with Jonathan Zdziarski in 2008, has become a very hot topic. However, most research and training focuses on file system analysis. Although some tools, e.g. Volatility, Volafox, Memoryze for Mac, Mac Memory Reader, MacLockPick and Rekall, are able to analyze Mac memory, Mac memory analysis remains relatively unfamiliar. This paper demonstrates a fast track to Mac memory forensics by studying the evidence of a very popular social networking application, ‘WeChat’…

