[Vol-users] list running process from a ram dump of MAC os x elcapitan

Razeem Ahmad razeemahmad at gmail.com
Mon Mar 28 14:49:28 CDT 2016


Sir,
        I am doing my M.E in Cyber forensics and Information Security,
currently doing my project work on MAC RAM dump analysis. I am using
volafox-master for listing data from my dump collected from my lap. Can you
please help me how we can find the list of running process. Currently i've
found a symbol that volatility uses("_allproc") also ive found it from
symutils file.
But i don't know what to do with it.
                                                                   Thanks
in advance, Razeem
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.volatilityfoundation.org/pipermail/vol-users/attachments/20160328/2b25604a/attachment.html


More information about the Vol-users mailing list