Practical memory forensics of macOS
IN THIS HANDS-ON LAB:
Forensic analysis of volatile data will play a more important role than before, especially in fileless attacks and cloud-based security incidents. Because volatile data is hard to wipe completely while a device is running, memory may hold additional clues relevant to a case. However, volatile data is time-sensitive: without immediate action the opportunity to find evidence in memory can be lost, which makes remote live acquisition and analysis with Magnet Cyber the examiner's best option. Today, we'll demonstrate which keywords an investigator can use to find key digital evidence in memory after a security attack on a Mac system.