Mac Memoryze™ v1.0 released

Mandiant is introducing a new free tool, Mac Memoryze™, which brings memory imaging and analysis to the Mac. It joins a growing list of freeware tools Mandiant currently provides.

  • Mac Memoryze brings many of the features of Memoryze to the Apple Macintosh platform. This new tool enables acquisition of memory images via the command-line or a simple GUI. In addition, Mac Memoryze can perform offline analysis against memory images or live analysis on a running system.

The tool supports the following features:

  • Imaging the full range of system memory
  • Acquiring individual processes memory regions
  • Enumerating all running processes
    • Including those hidden by rootkits

For each process, Mac Memoryze can:

  • Report all open file handles in a process (e.g. all files,sockets, pipes, etc.)
  • List the virtual address space of a process including loaded libraries and allocated portions of heap and execution stack
  • List network connections
    • Active and listening
  • Enumerate
    • All loaded kernel extensions including those hidden by rootkits
    • The System Call Table and Mach Trap Table
    • All running Mach Tasks

Download

NJ Ouchn

"Passion is needed for any great work, and for the revolution, passion and audacity are required in big doses"