
Reliable Acquisition of RAM Dumps from Intel-Based Apple Mac Computers over FireWire

  • Conference paper
Digital Forensics and Cyber Crime (ICDF2C 2010)

Abstract

RAM content acquisition is an important step in live forensic analysis of computer systems. FireWire offers an attractive way to acquire the RAM content of Apple Mac computers equipped with a FireWire connection. However, the existing techniques for doing so require substantial knowledge of the target computer's configuration and cannot be used reliably on a previously unknown computer at a crime scene. This paper proposes a novel method for acquiring the RAM content of Apple Mac computers over FireWire, which automatically discovers the necessary information about the target computer and can be used in a crime-scene setting. As an application of the developed method, techniques for recovering AOL Instant Messenger (AIM) conversation fragments from RAM dumps are also discussed.



Copyright information

© 2011 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Gladyshev, P., Almansoori, A. (2011). Reliable Acquisition of RAM Dumps from Intel-Based Apple Mac Computers over FireWire. In: Baggili, I. (eds) Digital Forensics and Cyber Crime. ICDF2C 2010. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 53. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-19513-6_5


  • DOI: https://doi.org/10.1007/978-3-642-19513-6_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-19512-9

  • Online ISBN: 978-3-642-19513-6

  • eBook Packages: Computer Science (R0)
