Please submit manuscripts in either of the following two submission systems

    ScholarOne Manuscripts

  • ScholarOne

    • 勤云稿件系统

  • 登录

Search by Issue

  • 2024 Vol.31
  • 2023 Vol.30
  • 2022 Vol.29
  • 2021 Vol.28
  • 2020 Vol.27
  • 2019 Vol.26
  • 2018 Vol.25
  • 2017 Vol.24
  • 2016 vol.23
  • 2015 vol.22
  • 2014 vol.21
  • 2013 vol.20
  • 2012 vol.19
  • 2011 vol.18
  • 2010 vol.17
  • 2009 vol.16
  • No.1
  • No.2

Search by Keywords

  • Search by Title
  • Search by Keywords
  • Search by Abstract
  • Search by Author's Chinese Name
  • Search by Author's English Name
  • Search by Fund

News & AnnouncementMORE

Supervised by Ministry of Industry and Information Technology of The People's Republic of China Sponsored by Harbin Institute of Technology Editor-in-chief Yu Zhou ISSNISSN 1005-9113 CNCN 23-1378/T

期刊网站二维码
微信公众号二维码
Related citation:Li-Juan Xu,Lian-Hai Wang.An Approach to Analyze Physical Memory Image File of Mac OS X[J].Journal of Harbin Institute Of Technology(New Series),2014,21(4):116-120.DOI:10.11916/j.issn.1005-9113.2014.04.018.
【Print】   【HTML】   【PDF download】   View/Add Comment  Download reader   Close
←Previous|Next→ Back Issue    Advanced Search
This paper has been: browsed 1184times   downloaded 1191times 本文二维码信息
码上扫一扫!
Shared by: Wechat More
Font:larger+|default|smaller-
An Approach to Analyze Physical Memory Image File of Mac OS X
Author NameAffiliation
Li-Juan Xu Shandong Provincial Key Laboratory of Computer Network, Shandong Computer Science CenterNational Supercomputer Center in Jinan, Jinan 250101, China 
Lian-Hai Wang Shandong Provincial Key Laboratory of Computer Network, Shandong Computer Science CenterNational Supercomputer Center in Jinan, Jinan 250101, China 
Abstract:
Memory analysis is one of the key techniques in computer live forensics. Especially, the analysis of a Mac OS X operating system’s memory image file plays an important role in identifying the running status of an apple computer. However, how to analyze the image file without using extra”mach-kernel” file is one of the unsolved difficulties. In this paper, we firstly compare several approaches for physical memory acquisition and analyze the effects of each approach on physical memory. Then, we discuss the traditional methods for the physical memory file analysis of Mac OS X. A novel physical memory image file analysis approach without using extra“mach-kernel” file is proposed base on the discussion. We verify the performance of the new approach on Mac OS X 10.8.2. The experimental results show that the proposed approach is simpler and more practical than previous ones.
Key words:  computer forensics  live forensics  Mac OS X operating system  physical memory analysis
DOI:10.11916/j.issn.1005-9113.2014.04.018
Clc Number:TP309
Fund:

LINKS

Copyright © The Editorial Department of Journal of Harbin Institute of Technology
Address: 92 West Dazhi Street, Nan Gang District, Harbin, Heilongjiang Province, China Postcode: 150001
(C)2015 JOURNAL OF HIT ALL RIGHTS RESERVED. ICP. 0000423255