
Re: [linux_forensics] /dev/mem is gone on MacOS

  • echo6
    Message 1 of 11 , Oct 7, 2008

      Simson,

      Yes, I have got it working. More reliably on *nix target systems than
      Windows. (Windows Forensic Analysis by Harlan Carvey)

      Ideally use a laptop which you know has the supported hardware.

      Helix 1.9a has all the tools required, providing you have the hardware
      which is ieee1394 compliant.

      Don't concern yourself with the "firewire iPods" stuff, Adam Boileau
      http://storm.net.nz/ who first presented the tools provided a few
      examples of the CSR (content status register) stuff required for the
      firewire method to work. He even included an example ipod.csr file. I
      have also had it working for a firewire/IDE->usb/firewire bridge
      device.

      Having said all that...I've never tested it on OSX 10.5!!

      Jon.

      Simson Garfinkel wrote:
      > On Oct 7, 2008, at 6:18 AM, echo6 wrote:
      >
      >> -----BEGIN PGP SIGNED MESSAGE-----
      >> Hash: SHA1
      >>
      >> http://www.osxbook.com/book/bonus/chapter8/kma
      >>
      >> Or you could acquire memory over firewire!
      >>
      >
      > I've never gotten the firewire trick to work. Have you gotten it to
      > work? These days I can't even find firewire iPods...
      >

    • Simson Garfinkel
      Message 2 of 11 , Oct 7, 2008
        On Oct 7, 2008, at 3:54 PM, echo6 wrote:
        > Helix 1.9a has all the tools required, providing you have the hardware
        > which is ieee1394 compliant.
        >

        Awesome. Which programs do we use?

        >
        >
        > Don't concern yourself with the "firewire iPods" stuff, Adam Boileau
        > http://storm.net.nz/ who first presented the tools provided a few
        > examples of the CSR (content status register) stuff required for the
        > firewire method to work. He even included an example ipod.csr file. I
        > have also had it working for a firewire/IDE->usb/firewire bridge
        > device.
        >
        > Having said all that...I've never tested it on OSX 10.5!!
        >

        Thanks. I'll give it a try and report back if you can fill me in on
        what to use...