讨论在macOS上构建Volatility 3符号表的困难,涉及系统版本兼容性问题和KDK使用情况。 2025-6-25 17:47:12 Author: www.reddit.com(查看原文) 阅读量:7 收藏
Dedicated to the branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime. This field involves the application of several information security principles and aims to provide for attribution and event reconstruction following forth from audit processes. This subreddit is not limited to just personal computers and encompasses all media that may also fall under digital forensics (e.g., cellphones, video, etc.).
Has anyone recently built a macOS symbol table for Volatility 3? I have been unsuccessful in doing so, but I am wondering if it is user error or recent OS versions just aren't compatible. When I run strings and grep "Darwin Kernel Version" against my memory sample, I have to use KDK 15.3.1 build 24D70, which is Sequioa OS.
I found this article that states that there are compatibility issues past Catalina, but this was also published back in 2023. I am curious if anybody has had some recent success.
如有侵权请联系:admin#unsafe.sh