Are there Mac and Linux releases? #28
Comments
Currently this project is Windows only. I have no plans to support other operating systems (but would love contributions). Supporting other operating systems would require a totally different code base and so it makes sense these should be in a different project (hence the name WinPmem).
I thought the same also but then I saw your page here: https://winpmem.velocidex.com/ which states that OSXPmem and LinPMem were included: "This is the official site of the Pmem memory acquisition tools. These include WinPmem, OSXPmem and LinPmem." So I thought I'd ask. May want to update that. Thanks
Ah thanks for pointing it out. This is a case of out of date documentation.
…On Tue, Mar 2, 2021, 10:13 Nathan McBride wrote:
@scudette what happened to Rekall? Why was it dropped out? Sorry if it is a bit off topic. Is there then anyone else looking at macOS and Linux memory dumping drivers and tools now?
Hi Diogo,
AFAIK no one took over the Rekall project when I left Google in 2018...
Rekall used a lot of time and effort to keep the project in sync with the
latest kernel builds.
I just saw a SANS video that suggests macpmem still works in 2021 :-).
https://www.youtube.com/watch?v=KDKRjeQk7ds
Linux acquisition still depends on /dev/kcore or compiling a custom driver
(not practical in most DFIR cases). I do not think any of this changed but
I am not sure.
To be perfectly honest I don't do memory acquisition or analysis very much
these days since the utility and reliability of memory analysis vs other
methods does not justify the cost (in terms of time and maintenance). It is
simpler and more reliable to get the same information using APIs or other
methods than through memory analysis.
Thanks
Mike
Mike Cohen
Digital Paleontologist,
Velocidex Enterprises
M +61 470 238 491
E ***@***.***
…On Thu, Apr 15, 2021 at 9:06 PM Diogo Fernandes wrote:
The Rekall repo (https://github.com/google/rekall) has been archived by Google, so supposedly no one took over indeed. It would actually be great if you guys at Velocidex could somehow manage to continue with pmem support for all platforms.
Well we do support winpmem development to some extent in this repository,
but I really have no idea about osxpmem development (but I believe it still
works?). I think linpmem is just a user space program that copies kcore so
it should continue to work?
Are you just suggesting we copy those into this repository so they are
easier to find?
Thanks
Mike
…On Fri, Apr 16, 2021, 02:17 Diogo Fernandes wrote:
Definitely grateful for continuing on with As for
Hello,
I was wondering if there were releases for Mac and Linux as well as Windows?
Thanks very much.