Questions tagged [ram-data-recovery]

5 questions
4 votes, 1 answer

Best strategy to recover running Macbook "modern" Pro ram

(Take a Macbook Pro 2017 Sierra 10.12.5 for example.) What I had done was I downloaded osxpmem-2.1.post4.zip (vouched by ponderthebits.com/.., itself by google.com/..), unzipped it with finder, created a folder Memory_Captures and: sudo chown -R…
Pacerier
2 votes, 2 answers

Is setting a firmware password on a Macbook enough to prevent cold boot attacks?

I have a Macbook configured with a firmware password required to boot from any media other than the built-in NVMe drive. In theory, this means without my password you can't boot from removable media. Is this enough to prevent cold boot attacks or…
user115400
0 votes, 0 answers

Non-obvious Mitigations for This DMA-Attack Demonstrated by F-Secure

Are there any non-obvious mitigations for the big DMA-attack revealed last year and demonstrated in this video by F-Secure? We know that Microsoft has published some material pertaining to DMA-attacks, but, from my reading of Microsoft's article, it…
0 votes, 1 answer

Interpreting this F-Secure Video of a DMA-Attack

I'm trying to interpret this video demonstration by F-Secure of the big cold-boot attack discovered last year. What is happening at the 50-second mark? Why does he insert the USB boot-device before doing whatever he does next? Was this…
Daniel
0 votes, 0 answers

Volatility: Dumping memory associated with a particular process

I'm trying to figure out how I can dump the memory associated with a process. So far, I've managed to identify the PIDs of the processes I'm interested in (along with their offset). However, I can't pinpoint the exact Volatility plug-in/command I…