An Approach to Analyze Physical Memory Image File of Mac OS X
Memory analysis is one of the key techniques in computer live forensics. Especially, the analysis of a Mac OS X operating system' s memory image file plays an important role in identifying the running status of an apple computer. However, how to analyze the image file without using extra" roach_ ker...
Gespeichert in:
| Veröffentlicht in: | 哈尔滨工业大学学报(英文版) 2014-08, Vol.21 (4), p.116-120 |
|---|---|
| 1. Verfasser: | |
| Format: | Artikel |
| Sprache: | eng |
| Online-Zugang: | Volltext |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| container_end_page | 120 |
|---|---|
| container_issue | 4 |
| container_start_page | 116 |
| container_title | 哈尔滨工业大学学报(英文版) |
| container_volume | 21 |
| creator | Li-Juan Xu Lian-Hai Wang |
| description | Memory analysis is one of the key techniques in computer live forensics. Especially, the analysis of a Mac OS X operating system' s memory image file plays an important role in identifying the running status of an apple computer. However, how to analyze the image file without using extra" roach_ kernel" file is one of the unsolved difficulties. In this paper, we firstly compare several approaches for physical memory acquisition and analyze the effects of each approach on physical memory. Then, we discuss the traditional methods for the physical memory file analysis of Mac OS X. A novel physical memory image file analysis approach without using extra" mach_kernel" file is proposed base on the discussion. We verify the performance of the new approach on Mac OS X 10. 8. 2. The experimental results show that the proposed approach is simpler and more practical than previous ones. |
| format | Article |
| fullrecord | <record><control><sourceid>wanfang_jour_chong</sourceid><recordid>TN_cdi_wanfang_journals_hebgydxxb_e201404018</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><cqvip_id>662541731</cqvip_id><wanfj_id>hebgydxxb_e201404018</wanfj_id><sourcerecordid>hebgydxxb_e201404018</sourcerecordid><originalsourceid>FETCH-LOGICAL-c1348-11284e8f0243e8cfdb272cea220f9bc3b2a441434619bf3566afab5a63fa0a8f3</originalsourceid><addsrcrecordid>eNotjkFLwzAYhnNQcE7_Q_BsIV--NEsPHspwOtiYoIK38iVL2o62ma3i6q-3ME_P5Xle3gs2AyHSJAPAK3Y9DAchMMuEnrGHvOP58dhHchX_ijzvqBl_PX-pxqF21PCtb2M_8nVLpeeruvE8Br4lx3ev_OOGXQZqBn_7zzl7Xz2-LZ-Tze5pvcw3iQNUJgGQRnkThFTojQt7KxfSeZJShMw6tJKUAoVKQ2YDplpTIJuSxkCCTMA5uz_v_lAXqCuLQ_zup6dDUXlbjvvTyRZeClBCCTCTfnfWXRW78rOegmNft9SPhdYyVbBAwD8U71Ar</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype></control><display><type>article</type><title>An Approach to Analyze Physical Memory Image File of Mac OS X</title><source>Alma/SFX Local Collection</source><creator>Li-Juan Xu Lian-Hai Wang</creator><creatorcontrib>Li-Juan Xu Lian-Hai Wang</creatorcontrib><description>Memory analysis is one of the key techniques in computer live forensics. Especially, the analysis of a Mac OS X operating system' s memory image file plays an important role in identifying the running status of an apple computer. However, how to analyze the image file without using extra" roach_ kernel" file is one of the unsolved difficulties. In this paper, we firstly compare several approaches for physical memory acquisition and analyze the effects of each approach on physical memory. Then, we discuss the traditional methods for the physical memory file analysis of Mac OS X. A novel physical memory image file analysis approach without using extra" mach_kernel" file is proposed base on the discussion. We verify the performance of the new approach on Mac OS X 10. 8. 2. The experimental results show that the proposed approach is simpler and more practical than previous ones.</description><identifier>ISSN: 1005-9113</identifier><language>eng</language><publisher>Shandong Provincial Key Laboratory of Computer Network, Shandong Computer Science CenterNational Supercomputer Center in Jinan, Jinan 250101, China</publisher><ispartof>哈尔滨工业大学学报(英文版), 2014-08, Vol.21 (4), p.116-120</ispartof><rights>Copyright © Wanfang Data Co. Ltd. All Rights Reserved.</rights><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Uhttp://image.cqvip.com/vip1000/qk/86045X/86045X.jpg</thumbnail><link.rule.ids>314,776,780</link.rule.ids></links><search><creatorcontrib>Li-Juan Xu Lian-Hai Wang</creatorcontrib><title>An Approach to Analyze Physical Memory Image File of Mac OS X</title><title>哈尔滨工业大学学报(英文版)</title><addtitle>Journal of Harbin Institute of Technology</addtitle><description>Memory analysis is one of the key techniques in computer live forensics. Especially, the analysis of a Mac OS X operating system' s memory image file plays an important role in identifying the running status of an apple computer. However, how to analyze the image file without using extra" roach_ kernel" file is one of the unsolved difficulties. In this paper, we firstly compare several approaches for physical memory acquisition and analyze the effects of each approach on physical memory. Then, we discuss the traditional methods for the physical memory file analysis of Mac OS X. A novel physical memory image file analysis approach without using extra" mach_kernel" file is proposed base on the discussion. We verify the performance of the new approach on Mac OS X 10. 8. 2. The experimental results show that the proposed approach is simpler and more practical than previous ones.</description><issn>1005-9113</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2014</creationdate><recordtype>article</recordtype><recordid>eNotjkFLwzAYhnNQcE7_Q_BsIV--NEsPHspwOtiYoIK38iVL2o62ma3i6q-3ME_P5Xle3gs2AyHSJAPAK3Y9DAchMMuEnrGHvOP58dhHchX_ijzvqBl_PX-pxqF21PCtb2M_8nVLpeeruvE8Br4lx3ev_OOGXQZqBn_7zzl7Xz2-LZ-Tze5pvcw3iQNUJgGQRnkThFTojQt7KxfSeZJShMw6tJKUAoVKQ2YDplpTIJuSxkCCTMA5uz_v_lAXqCuLQ_zup6dDUXlbjvvTyRZeClBCCTCTfnfWXRW78rOegmNft9SPhdYyVbBAwD8U71Ar</recordid><startdate>20140801</startdate><enddate>20140801</enddate><creator>Li-Juan Xu Lian-Hai Wang</creator><general>Shandong Provincial Key Laboratory of Computer Network, Shandong Computer Science CenterNational Supercomputer Center in Jinan, Jinan 250101, China</general><scope>2RA</scope><scope>92L</scope><scope>CQIGP</scope><scope>W92</scope><scope>~WA</scope><scope>2B.</scope><scope>4A8</scope><scope>92I</scope><scope>93N</scope><scope>PSX</scope><scope>TCJ</scope></search><sort><creationdate>20140801</creationdate><title>An Approach to Analyze Physical Memory Image File of Mac OS X</title><author>Li-Juan Xu Lian-Hai Wang</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c1348-11284e8f0243e8cfdb272cea220f9bc3b2a441434619bf3566afab5a63fa0a8f3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2014</creationdate><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Li-Juan Xu Lian-Hai Wang</creatorcontrib><collection>中文科技期刊数据库</collection><collection>中文科技期刊数据库-CALIS站点</collection><collection>中文科技期刊数据库-7.0平台</collection><collection>中文科技期刊数据库-工程技术</collection><collection>中文科技期刊数据库- 镜像站点</collection><collection>Wanfang Data Journals - Hong Kong</collection><collection>WANFANG Data Centre</collection><collection>Wanfang Data Journals</collection><collection>万方数据期刊 - 香港版</collection><collection>China Online Journals (COJ)</collection><collection>China Online Journals (COJ)</collection><jtitle>哈尔滨工业大学学报(英文版)</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Li-Juan Xu Lian-Hai Wang</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>An Approach to Analyze Physical Memory Image File of Mac OS X</atitle><jtitle>哈尔滨工业大学学报(英文版)</jtitle><addtitle>Journal of Harbin Institute of Technology</addtitle><date>2014-08-01</date><risdate>2014</risdate><volume>21</volume><issue>4</issue><spage>116</spage><epage>120</epage><pages>116-120</pages><issn>1005-9113</issn><abstract>Memory analysis is one of the key techniques in computer live forensics. Especially, the analysis of a Mac OS X operating system' s memory image file plays an important role in identifying the running status of an apple computer. However, how to analyze the image file without using extra" roach_ kernel" file is one of the unsolved difficulties. In this paper, we firstly compare several approaches for physical memory acquisition and analyze the effects of each approach on physical memory. Then, we discuss the traditional methods for the physical memory file analysis of Mac OS X. A novel physical memory image file analysis approach without using extra" mach_kernel" file is proposed base on the discussion. We verify the performance of the new approach on Mac OS X 10. 8. 2. The experimental results show that the proposed approach is simpler and more practical than previous ones.</abstract><pub>Shandong Provincial Key Laboratory of Computer Network, Shandong Computer Science CenterNational Supercomputer Center in Jinan, Jinan 250101, China</pub><tpages>5</tpages></addata></record> |
| fulltext | fulltext |
| identifier | ISSN: 1005-9113 |
| ispartof | 哈尔滨工业大学学报(英文版), 2014-08, Vol.21 (4), p.116-120 |
| issn | 1005-9113 |
| language | eng |
| recordid | cdi_wanfang_journals_hebgydxxb_e201404018 |
| source | Alma/SFX Local Collection |
| title | An Approach to Analyze Physical Memory Image File of Mac OS X |
| url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-04T03%3A09%3A54IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-wanfang_jour_chong&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=An%20Approach%20to%20Analyze%20Physical%20Memory%20Image%20File%20of%20Mac%20OS%20X&rft.jtitle=%E5%93%88%E5%B0%94%E6%BB%A8%E5%B7%A5%E4%B8%9A%E5%A4%A7%E5%AD%A6%E5%AD%A6%E6%8A%A5%EF%BC%88%E8%8B%B1%E6%96%87%E7%89%88%EF%BC%89&rft.au=Li-Juan%20Xu%20Lian-Hai%20Wang&rft.date=2014-08-01&rft.volume=21&rft.issue=4&rft.spage=116&rft.epage=120&rft.pages=116-120&rft.issn=1005-9113&rft_id=info:doi/&rft_dat=%3Cwanfang_jour_chong%3Ehebgydxxb_e201404018%3C/wanfang_jour_chong%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rft_cqvip_id=662541731&rft_wanfj_id=hebgydxxb_e201404018&rfr_iscdi=true |