Reliable Acquisition of RAM Dumps from Intel-Based Apple Mac Computers over FireWire
نویسندگان
چکیده
RAM content acquisition is an important step in live forensic analysis of computer systems. FireWire offers an attractive way to acquire RAM content of Apple Mac computers equipped with a FireWire connection. However, the existing techniques for doing so require substantial knowledge of the target computer configuration and cannot be used reliably on a previously unknown computer in a crime scene. This paper proposes a novel method for acquiring RAM content of Apple Mac computers over FireWire, which automatically discovers necessary information about the target computer and can be used in the crime scene setting. As an application of the developed method, the techniques for recovery of AOL Instant Messenger (AIM) conversation fragments from RAM dumps are also discussed in this paper.
منابع مشابه
Hard Real-time Networking on Firewire
This paper investigates the possibility of using standard, low-cost, widely used FireWire as a new generation fieldbus medium for real-time distributed control applications. A real-time software subsystem, RT-FireWire was designed that can, in combination with Linux-based real-time operating system, provide hard real-time communication over FireWire. In addition, a high-level module that can em...
متن کاملFireWire Finally Comes Home
117 Standards I n February 1997, I wrote a Computer column titled " Linking Computers and Consumer Electronics, " which described the IEEE 1394 networking standard, otherwise known as FireWire. FireWire was designed to link personal computers, digital cameras , televisions, DVD players, printers, and other home electronics equipment. In one sense, FireWire represented the technology behind all ...
متن کاملLive Memory Acquisition through FireWire
Although FireWire-based memory acquisition method has been introduced for several years, the methodologies are not discussed in detail and still lack of practical tools. Besides, the existing method is not working stably when dealing with different versions of Windows. In this paper, we try to compare different memory acquisition methods and discuss their virtues and disadvantages. Then, the me...
متن کاملCluster Computing with iMacs and Power Macintoshes
We investigate the use of a cluster of networked Apple iMac or Power Macintosh personal computers as a compute server for sequential and parallel programs, and describe our experiences with a cluster of iMacs used primarily for an undergraduate teaching laboratory. We explore the support for cluster computing offered by the various operating systems available for the Macintosh: MacOS 8; the upc...
متن کاملCluster Computing with iMacs and Power MacintoshesD
We investigate the use of a cluster of networked Apple iMac or Power Macintosh personal computers as a compute server for sequential and parallel programs, and describe our experiences with a cluster of iMacs used primarily for an undergraduate teaching laboratory. We explore the support for cluster computing ooered by the various operating systems available for the Macintosh: MacOS 8; the upco...
متن کامل