Extracting FileVault 2 Keys with Volatility
This is a volatility plugin which can recover FileVault 2 Volume Master Keys from memory, based on a certain pattern. It has been briefly tested on OS X 10.9 – 10.11. Plugin on GitHub here [https://github.com/tribalchicken/volatility-filevault2]. This is aVolatility Framework [http://volatilityfoundation.org] plugin which is capable of recovering the… leer más
Hunting malware through memory analysis
A word of warning… Lots of screenshots in this post. Update 10/05/2015: I’ve updated the article with more information about some of the commands used in order to help out people who aren’t familiar with Volatility. When hunting a piece of malware it can be very interesting to have a poke… leer más