Cyberdefenders - Writeup - Brave
This writeup is covering the cyberdefenders.org challenge named "Brave". Today we are going to solve this challenge using the VolWeb memory analysis platform.
Having been interested in memory forensics for a while now, I have learned a lot about the volatility3 framework. In this article, we will go through how you can use the framework's libraries to automate your memory analysis tasks and work directly with the results. I will assume in this article that the reader has a basic understanding of how volatility3 extracts evidence from memory. If you want to learn more about volatility3, you can check the links in the "References" section.
Having been interested in memory forensics for a while now, I have learned a lot about the Volatility framework. This article will introduce the volatility3 core components and focus on kernel symbols. Next, I will explain the steps I took to generate a large number of macOS symbol tables. Finally, you will be able to retrieve those symbol tables directly from GitHub. The final goal is to create a public repository, like the one that exists for Windows, that automatically identifies the macOS version and directly downloads the associated symbol tables.