Dalarna University's logo and link to the university's website

du.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • chicago-author-date
  • chicago-note-bibliography
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Forensisk analys av volatilt minne från operativsystemet OS X
Dalarna University, School of Technology and Business Studies, Computer Engineering.
2014 (Swedish)Independent thesis Basic level (degree of Bachelor), 10 credits / 15 HE creditsStudent thesis
Abstract [sv]

Behovet av att analysera volatilt minne från Macintosh-datorer med OS X har blivit allt mer betydelsefull på grund av att deras datorer blivit allt populärare och att volatil minnesanalysering blivit en allt viktigare del i en IT-forensikers arbete. Anledningen till att volatil minnesanalysering blivit allt viktigare är för att det går att finna viktig information som inte finns lagrad permanent på datorns interna hårddisk. Problemet som låg till grunden för det här examensarbetet var att det uppenbart fanns brist på undersökningsmetoder av det volatila minnet för Mac-datorer med OS X.Syftet med detta arbete var därför att undersöka möjligheten att utvinna information från ett volatilt minne från en Mac-dator med OS X genom att kartlägga och bedöma olika undersökningsmetoder. För att göra denna undersökning har litteraturstudier, informella intervjuer, egna kunskaper och praktiska försök genomförts.Slutsatsen blev att möjligheten att utvinna information från det volatila minnet från en Mac-dator med OS X är relativt begränsad. Det största problemet är själva dumpningen av minnet. Många av dumpningsmetoderna som finns att tillgå kräver administrativa rättigheter. Vid analysering av en minnesdump bör man aldrig förlita sig på en analysmetod då olika analysmetoder ger olika resultat som kan vara till nytta för en vidare undersökning av en Mac-dator.

Abstract [en]

The need to analyze volatile memory on Macintosh computers with OS X has become increasingly important due to the fact that their computers have become more popular and volatile memory analysis has become a more important part of an IT-forensics work. The reason volatile memory analysis has become more important is that it's possible to find information that’s not stored permanently on the computer’s hard drive. The problem that formed the basis for this thesis was that it was obvious there was a lack of methods of investigation of the volatile memory for Macs running OS X.The aim of this work was therefore to investigate the possibility of extracting information from a volatile memory from a Mac computer with OS X by identifying and assessing different methods of investigation. To do this investigation, literature studies, informal interviews, own knowledge and practical attempts have been conducted.It was concluded that the ability to extract information from the volatile memory from a Mac-computer with OS X is relatively limited. The biggest problem is the dumping of the memory. Many of the available dumping methods require administrative rights. When analyzing a memory dump you should never rely on one analyze method since different analyze methods give different results that can be useful for further investigation of a Mac-computer.

Place, publisher, year, edition, pages
2014.
Keywords [en]
Apple, OS X, Volatile memory, Investigation methods
Keywords [sv]
Apple, OS X, Volatilt minne, Undersökningsmetoder
National Category
Computer Systems
Identifiers
URN: urn:nbn:se:du-17319OAI: oai:DiVA.org:du-17319DiVA, id: diva2:807431
Available from: 2015-04-23 Created: 2015-04-23 Last updated: 2015-04-23Bibliographically approved

Open Access in DiVA

fulltext(1405 kB)483 downloads
File information
File name FULLTEXT01.pdfFile size 1405 kBChecksum SHA-512
4d4b02f1ed2251e266df17d02858a72145f2888a0032c3efc1af6e20f3824badb3e0b236d8e4222f580d7558cf9b66aaca47dfc90a1fc05db9d4d00cf03755b5
Type fulltextMimetype application/pdf

By organisation
Computer Engineering
Computer Systems

Search outside of DiVA

GoogleGoogle Scholar
Total: 483 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

urn-nbn

Altmetric score

urn-nbn
Total: 398 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • chicago-author-date
  • chicago-note-bibliography
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf