Over the years, Mac users have considered anti-virus unnecessary, having enjoyed the benefit of being less exposed to malware attacks than Windows users. This "myth" led to the proliferation of systems running Mac OS X in major corporations, web design, and marketing companies. But malware such as WireLurker, distributed through trojanized / repackaged OS X applications, disproved this notion and created the need for OS X incident response.
This article discusses collecting important volatile information using basic bash commands and collecting volatile memory (RAM) from Mac systems using an open source tool called "osxpmem". The commands and procedures below can be used to collect and preserve relevant artifacts for a malware investigation.
To read the full article, please open the attached PDF file.