When using Volatility with a memory image, what is the Kernel version?
The Volatility memory forensics framework GitHub website lists these Mac profiles for OS 10.11:
Profiles
--------
MacElCapitan_10_11_15A284x64 - A Profile for Mac ElCapitan_10.11_15A284 x64
MacElCapitan_10_11_1_15B42x64 - A Profile for Mac ElCapitan_10.11.1_15B42 x64
MacElCapitan_10_11_2_15C50x64 - A Profile for Mac ElCapitan_10.11.2_15C50 x64
MacElCapitan_10_11_3_15D21_15D13bx64 - A Profile for Mac ElCapitan_10.11.3_15D21_15D13b x64
MacElCapitan_10_11_4_15E27ex64 - A Profile for Mac ElCapitan_10.11.4_15E27e x64
MacElCapitan_10_11_4_15E39dx64 - A Profile for Mac ElCapitan_10.11.4_15E39d x64
MacElCapitan_10_11_4_15E49ax64 - A Profile for Mac ElCapitan_10.11.4_15E49a x64
MacElCapitan_10_11_4_15E65x64 - A Profile for Mac ElCapitan_10.11.4_15E65 x64
MacElCapitan_10_11_5_15F18b_15F24bx64 - A Profile for Mac ElCapitan_10.11.5_15F18b_15F24b x64
MacElCapitan_10_11_5_15F34x64 - A Profile for Mac ElCapitan_10.11.5_15F34 x64
MacElCapitan_10_11_6_15G1004_15G1108x64 - A Profile for Mac ElCapitan_10.11.6_15G1004_15G1108 x64
MacElCapitan_10_11_6_15G1212x64 - A Profile for Mac ElCapitan_10.11.6_15G1212 x64
MacElCapitan_10_11_6_15G1217x64 - A Profile for Mac ElCapitan_10.11.6_15G1217 x64
MacElCapitan_10_11_6_15G12ax64 - A Profile for Mac ElCapitan_10.11.6_15G12a x64
MacElCapitan_10_11_6_15G1421x64 - A Profile for Mac ElCapitan_10.11.6_15G1421 x64
MacElCapitan_10_11_6_15G1510x64 - A Profile for Mac ElCapitan_10.11.6_15G1510 x64
MacElCapitan_10_11_6_15G1611x64 - A Profile for Mac ElCapitan_10.11.6_15G1611 x64
MacElCapitan_10_11_6_15G17023x64 - A Profile for Mac ElCapitan_10.11.6_15G17023 x64
MacElCapitan_10_11_6_15G18013x64 - A Profile for Mac ElCapitan_10.11.6_15G18013 x64
MacElCapitan_10_11_6_15G19009x64 - A Profile for Mac ElCapitan_10.11.6_15G19009 x64
MacElCapitan_10_11_6_15G19ax64 - A Profile for Mac ElCapitan_10.11.6_15G19a x64
MacElCapitan_10_11_6_15G20015x64 - A Profile for Mac ElCapitan_10.11.6_15G20015 x64
MacElCapitan_10_11_6_15G24b_15G31x64 - A Profile for Mac ElCapitan_10.11.6_15G24b_15G31 x64
MacElCapitan_10_11_6_15G7ax64 - A Profile for Mac ElCapitan_10.11.6_15G7a x64
The Mac I am trying to analyze has this About box:
Here is the uname output:
users-Mac:~ user$ uname -a
Darwin users-Mac.local 15.6.0 Darwin Kernel Version 15.6.0: Thu Jun 23 18:25:34 PDT 2016; root:xnu-3248.60.10~1/RELEASE_X86_64 x86_64
users-Mac:~ user$
I have tried all of the Volatility profiles and none of them work.
What does the string in the Volatility profile after the 10_11_6_ mean, and how do I find it for my machine?
security memory volatility forensics
asked 57 mins ago by vy32
Did you redact that serial number or is it made up / virtual?
– bmike♦
35 mins ago
1 Answer
That string is the macOS build number. If you click on "10.11.6" in the About-box in your screenshot, it will be revealed right next to the version number.
You can also run sw_vers to get easy build / version / marketing information from the command line.
edited 34 mins ago by bmike♦
answered 41 mins ago by jksoegaard
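One way to apply the answer, as an added example that is not part of the original post: take a build number such as the one `sw_vers -buildVersion` prints and find the profile in the listing whose name covers it. The function names, the four-line excerpt of the listing and the sample build 15G31 are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: match a macOS build number against Volatility Mac profile names.

# Constructed sample: four lines copied from the profile listing in the question.
PROFILE_LIST='MacElCapitan_10_11_6_15G1212x64 - A Profile for Mac ElCapitan_10.11.6_15G1212 x64
MacElCapitan_10_11_6_15G12ax64 - A Profile for Mac ElCapitan_10.11.6_15G12a x64
MacElCapitan_10_11_6_15G24b_15G31x64 - A Profile for Mac ElCapitan_10.11.6_15G24b_15G31 x64
MacElCapitan_10_11_6_15G7ax64 - A Profile for Mac ElCapitan_10.11.6_15G7a x64'

# match_profiles BUILD: read a profile listing on stdin and print each profile
# name that carries BUILD as one of its build tokens. Tokens are compared whole,
# so 15G12 matches neither 15G1212 nor 15G12a.
match_profiles() {
    awk -v build="$1" '
    {
        name = $1
        body = name
        sub(/x64$/, "", body)              # drop the architecture suffix
        n = split(body, tok, "_")
        for (i = 1; i <= n; i++) {
            # Build tokens look like 15G31 or 15G24b; the digits-only version
            # tokens (10, 11, 6) are skipped. Appending "" forces a string
            # comparison, so a token such as 15E65 is never read as a float.
            if (tok[i] ~ /^[0-9]+[A-Z][0-9]+[a-z]?$/ && (tok[i] "") == (build "")) {
                print name
                break
            }
        }
    }'
}

# current_build: build number of the running system; empty when sw_vers is absent.
current_build() {
    if command -v sw_vers >/dev/null 2>&1; then
        sw_vers -buildVersion
    fi
}

# profile_for BUILD: print the matching profile name, or return 1 with a message.
profile_for() {
    found=$(printf '%s\n' "$PROFILE_LIST" | match_profiles "$1")
    if [ -z "$found" ]; then
        echo "no listed profile covers build $1" >&2
        return 1
    fi
    printf '%s\n' "$found"
}

build=$(current_build)
profile_for "${build:-15G31}"   # falls back to the constructed sample build off macOS
```

A profile name with two build tokens, such as 15G24b_15G31, is matched by either build.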