From Collaborative RCE Knowledge Library

Advanced MacOS X physical memory analysis

Item name: Advanced MacOS X physical memory analysis
Rating: 0.0 (0 votes)
Author: Matthieu Suiche                        
Home URL: http://www.msuiche.net
Last updated: February 2010
Version (if appl.):
Direct D/L link: http://blackhat.com/presentations/bh-dc-10/Suiche_Matthieu/Blackhat-DC-2010-Advanced-Mac-OS-X-Physical-Memory-Analysis-wp.pdf
Description: In 2008 and 2009, the interest of companies and governments (e.g. law enforcement agencies) in Microsoft Windows physical memory grew significantly. Now it is time to talk about Mac OS X. This paper will introduce the basics of Mac OS X kernel internals regarding the management of processes, threads, files, system calls, kernel extensions and more. Moreover, we are going to detail how to initialize and perform a virtual-to-physical translation under an x86 Mac OS X environment.
Related URLs:
The BlackHat slides of this presentation:
http://www.msuiche.net/con/BHDC2010_MacOSX_PhysicalMemory.pdf

