Repository landing page

We are not able to resolve this OAI Identifier to the repository landing page. If you are the repository manager for this record, please head to the Dashboard and adjust the settings.
oaioai:scholar.afit.edu:facpub-2227

Acquiring OS X File Handles through Forensic Memory Analysis

Authors
Publication date
1 January 2012
Publisher
AFIT Scholar

Abstract

Memory analysis has become a critical capability in digital forensics because it provides insight into system state that cannot be fully represented through traditional media analysis. The volafox open source project has begun the work of structured memory analysis for OS X with support for a limited set of kernel structures. This paper addresses one memory analysis deficiency on OS X with the introduction of a new volafox module for parsing file handles associated with running processes. The developed module outputs information comparable to the UNIX lsof (list open files) command, which is used to validate the results

Similar works

Full text

thumbnail-image

AFTI Scholar (Air Force Institute of Technology)

redirect
oaioai:scholar.afit.edu:facpub-22...
Last time updated on 19/06/2023

This paper was published in AFTI Scholar (Air Force Institute of Technology).

Having an issue?

Is data on this page outdated, violates copyrights or anything else? Report the problem now and we will take corresponding actions after reviewing your request.