Memory acquisition is essential to defeat anti-forensic operating-system features and investigate cyberattacks that leave little or no evidence in secondary storage. The forensic community has developed tools to acquire physical memory from Apple’s Macintosh computers, but they have not much been tested. This work tested three major OS X memory-acquisition tools. Although the tools could capture system memory accurately, the open-source tool OSXPmem appeared advantageous in size, reliability, and support for memory configurations and versions of the OS X operating system.
 Ahmed W., Aslam B. (2015). A Comparison of Windows Physical Memory Acquisition Tools. Proc. IEEE Military Communications Conference, Tampa, Florida, US, October, pp. 1292-1297.
 BlackBag Technologies. (2017). Mac RAM Imaging and Analysis. Retrieved November 14, 2017 from www.blackbagtech.com/blog/ 2017/02/24/mac-ram-imaging-analysis, February 24.
 Carvajal L., Varol C., Chen L. (2013). Tools for Collecting Volatile Data: A Survey Study. Proc. IEEE Conf. on Technological Advances in Electrical, Electronics, and Computer Engineering, Konya, Turkey, May.
 Gu Y., Lin Z. (2016). Derandomizing Kernel Address Space Layout for Memory Introspection and Forensics. Proc. Sixth ACM Conf. on Data and Application Security and Privacy, New Orleans, Louisiana, US, March, pp. 62-72.
 Intel Corporation. (2012). Desktop 4th Generation Intel Core Processor Family, Desktop Intel Pentium Processor Family, and Desktop Intel Celeron Processor Family. Retrieved from May 25, 2015 from www.intel.com/ content/dam/www/public/us/en/documents/datasheets/4th-gen-core-family-desktop-vol-2-datasheet.pdf.
 Kamal K., Alfadel M., Munia M. (2016). Memory Forensics Tools: Comparing Time and Left Artifacts on Volatile Memory. Proc. Intl. Workshop on Computational Intelligence, Dhaka, Bangladesh, December, pp. 84-90.
 Leopard, C. (2015). Memory Forensics and the Macintosh OS X Operating System. M.S. thesis, U.S. Naval Postgraduate School, June. Retrieved June 15, 2015 from faculty.nps.edu/ ncrowe/oldstudents/cleopard_thesis.htm.
 Li Z., Xi B., and Wu S. (2016). Digital Forensics and Analysis for Android Devices. Proc. 11th Intl. Conf. on Computer Science and Education, Nagoya, Japan, August, pp. 496-500.
 Libser E., Kornblum J. (2008) A Proposal for an Integrated Memory Acquisition Mechanism. ACM SIGOPS Operating Systems Review, Vol. 42, No. 3, April, pp. 14-20.
 Ligh M., Case A., Levy J., Walters A. (2014). Art of Memory Forensics. Indianapolis, IN: Wiley.
 Neetha J., Sherina S., Dija S., Thomas K. (2014). Volatile Internet Evidence Extraction from Windows Systems. Proc. IEEE Intl. Conf. on Computational Intelligence and Computing Research, Coimbatore, India, September.
 Pan L., Savoldi A., Gubian P., and Batten L. (2008). Measure of Integrity Leakage in Live Forensic Context. Proc. Intl. Conf. on Intelligence Information Hiding and Multimedia Signal Processing, August, Harbin, China.
 Rekall Team. (2015). Rekall Memory Forensic Framework: About the Rekall Memory Forensic Framework. Retrieved March 13, 2015 from www.rekall-forensic.com/ about.html.
 Stuttgen, J., Cohen M. (2013). Anti-Forensic Resilient Memory Acquisition. Digital Investigation, Vol. 10, pp. S105-S115.
 Sutherland, I., Evans, J., Tryfonas, T., Blyth A. (2008). Acquiring Volatile Operating System Data Tools and Techniques. ACM SIGOPS Operating Systems Review, Vol. 42, No. 3, April, pp. 65-73.
 Volatility Foundation. (2015). The Volatility Foundation – Open Source Memory Forensics. Retrieved March 13, 2015 from www.volatilityfoundation.org/#!about/cmf3.
 Vömel, S., Freiling, F. (2012). Correctness, Atomicity, and Integrity: Defining Criteria for Forensically-Sound Memory Acquisition. Digital Investigation, Vol. 9, pp. 125-137.
 Zhang, L., Zhang D., Wang L. (2010) Live Digital Forensics in a Virtual Machine. Proc. IEEE Conf. on Computer Application and System Modeling, Taiyuan, China, October.
Leopard, Charles B.; Rowe, Neil C.; and McCarrin, Michael R.
"Testing Memory Forensics Tools for the Macintosh OS X Operating System,"
Journal of Digital Forensics, Security and Law: Vol. 13
, Article 7.
Available at: https://commons.erau.edu/jdfsl/vol13/iss1/7