Mrthfx

Why is 'diphthong' not pronounced otherwise?

What is a good way to explain how a character can produce flames from their body?

How can I prevent an oracle who can see into the past from knowing everything that has happened?

Possible issue with my W4 and tax return

Is there a way to pause a running process on Linux systems and resume later?

Is there a file that always exists and a 'normal' user can't lstat it?

Case protection with emphasis in biblatex

"Starve to death" Vs. "Starve to the point of death"

Does the US government have any planning in place to ensure there's no shortages of food, fuel, steel and other commodities?

Need help with a circuit diagram where the motor does not seem to have any connection to ground. Error with diagram? Or am i missing something?

How to politely refuse in-office gym instructor for steroids and protein

How do I add a strong "onion flavor" to the biryani (in restaurant style)?

Was there a pre-determined arrangement for the division of Germany in case it surrendered before any Soviet forces entered its territory?

Illustrator to chemdraw

Why did Ylvis use "go" instead of "say" in phrases like "Dog goes 'woof'"?

Is it really OK to use "because of"?

What species should be used for storage of human minds?

Potential client have a problematic employee I can't work with

Sitecore 9.1 Installation - Skip to particular step

What does an unprocessed RAW file look like?

How to not let the Identify spell spoil everything?

Does diversity provide anything that meritocracy does not?

How do I narratively explain how in-game circumstances do not mechanically allow a PC to instantly kill an NPC?

Is the fingering of thirds flexible or do I have to follow the rules?

When using Volatility with a memory image, what is the Kernel version?

Kernel panics; Apple hardware test error codes… Bad memory?What is wired memory?kernel_task using *way* too much memoryUsing memory with a higher MHz rating?Apple Mail Using Excessive Memoryeapolclient process using 30GB of memory?OS X swapping with free memory available?Password field in cleartext inside VPN Apple Mobile profilesWhat could cause swapping when there is no memory spike?What is the purpose of speculative memory?

3

The Volatility memory forensics framework github website lists these Mac profiles for OS 10.11:

Profiles

--------

MacElCapitan_10_11_15A284x64            - A Profile for Mac ElCapitan_10.11_15A284 x64

MacElCapitan_10_11_1_15B42x64           - A Profile for Mac ElCapitan_10.11.1_15B42 x64

MacElCapitan_10_11_2_15C50x64           - A Profile for Mac ElCapitan_10.11.2_15C50 x64

MacElCapitan_10_11_3_15D21_15D13bx64    - A Profile for Mac ElCapitan_10.11.3_15D21_15D13b x64

MacElCapitan_10_11_4_15E27ex64          - A Profile for Mac ElCapitan_10.11.4_15E27e x64

MacElCapitan_10_11_4_15E39dx64          - A Profile for Mac ElCapitan_10.11.4_15E39d x64

MacElCapitan_10_11_4_15E49ax64          - A Profile for Mac ElCapitan_10.11.4_15E49a x64

MacElCapitan_10_11_4_15E65x64           - A Profile for Mac ElCapitan_10.11.4_15E65 x64

MacElCapitan_10_11_5_15F18b_15F24bx64   - A Profile for Mac ElCapitan_10.11.5_15F18b_15F24b x64

MacElCapitan_10_11_5_15F34x64           - A Profile for Mac ElCapitan_10.11.5_15F34 x64

MacElCapitan_10_11_6_15G1004_15G1108x64 - A Profile for Mac ElCapitan_10.11.6_15G1004_15G1108 x64

MacElCapitan_10_11_6_15G1212x64         - A Profile for Mac ElCapitan_10.11.6_15G1212 x64

MacElCapitan_10_11_6_15G1217x64         - A Profile for Mac ElCapitan_10.11.6_15G1217 x64

MacElCapitan_10_11_6_15G12ax64          - A Profile for Mac ElCapitan_10.11.6_15G12a x64

MacElCapitan_10_11_6_15G1421x64         - A Profile for Mac ElCapitan_10.11.6_15G1421 x64

MacElCapitan_10_11_6_15G1510x64         - A Profile for Mac ElCapitan_10.11.6_15G1510 x64

MacElCapitan_10_11_6_15G1611x64         - A Profile for Mac ElCapitan_10.11.6_15G1611 x64

MacElCapitan_10_11_6_15G17023x64        - A Profile for Mac ElCapitan_10.11.6_15G17023 x64

MacElCapitan_10_11_6_15G18013x64        - A Profile for Mac ElCapitan_10.11.6_15G18013 x64

MacElCapitan_10_11_6_15G19009x64        - A Profile for Mac ElCapitan_10.11.6_15G19009 x64

MacElCapitan_10_11_6_15G19ax64          - A Profile for Mac ElCapitan_10.11.6_15G19a x64

MacElCapitan_10_11_6_15G20015x64        - A Profile for Mac ElCapitan_10.11.6_15G20015 x64

MacElCapitan_10_11_6_15G24b_15G31x64    - A Profile for Mac ElCapitan_10.11.6_15G24b_15G31 x64

MacElCapitan_10_11_6_15G7ax64           - A Profile for Mac ElCapitan_10.11.6_15G7a x64

The Mac I am trying to analyze has this About box:

Here is the uname output:

users-Mac:~ user$ uname -a

Darwin users-Mac.local 15.6.0 Darwin Kernel Version 15.6.0: Thu Jun 23 18:25:34 PDT 2016; root:xnu-3248.60.10~1/RELEASE_X86_64 x86_64

users-Mac:~ user$ 

I have tried all of the Volatility profiles and none of them work.

What does the string in the volatility profile after the 10_11_6_ mean, and how do I find it for my machine?

security memory volatility forensics

share|improve this question

asked 15 hours ago

vy32vy32

1,25541633

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  Did you redact that serial number or is it made up / virtual?
  
  – bmike♦
  14 hours ago
  

  
  
  
  

add a comment | 

3

The Volatility memory forensics framework github website lists these Mac profiles for OS 10.11:

Profiles

--------

MacElCapitan_10_11_15A284x64            - A Profile for Mac ElCapitan_10.11_15A284 x64

MacElCapitan_10_11_1_15B42x64           - A Profile for Mac ElCapitan_10.11.1_15B42 x64

MacElCapitan_10_11_2_15C50x64           - A Profile for Mac ElCapitan_10.11.2_15C50 x64

MacElCapitan_10_11_3_15D21_15D13bx64    - A Profile for Mac ElCapitan_10.11.3_15D21_15D13b x64

MacElCapitan_10_11_4_15E27ex64          - A Profile for Mac ElCapitan_10.11.4_15E27e x64

MacElCapitan_10_11_4_15E39dx64          - A Profile for Mac ElCapitan_10.11.4_15E39d x64

MacElCapitan_10_11_4_15E49ax64          - A Profile for Mac ElCapitan_10.11.4_15E49a x64

MacElCapitan_10_11_4_15E65x64           - A Profile for Mac ElCapitan_10.11.4_15E65 x64

MacElCapitan_10_11_5_15F18b_15F24bx64   - A Profile for Mac ElCapitan_10.11.5_15F18b_15F24b x64

MacElCapitan_10_11_5_15F34x64           - A Profile for Mac ElCapitan_10.11.5_15F34 x64

MacElCapitan_10_11_6_15G1004_15G1108x64 - A Profile for Mac ElCapitan_10.11.6_15G1004_15G1108 x64

MacElCapitan_10_11_6_15G1212x64         - A Profile for Mac ElCapitan_10.11.6_15G1212 x64

MacElCapitan_10_11_6_15G1217x64         - A Profile for Mac ElCapitan_10.11.6_15G1217 x64

MacElCapitan_10_11_6_15G12ax64          - A Profile for Mac ElCapitan_10.11.6_15G12a x64

MacElCapitan_10_11_6_15G1421x64         - A Profile for Mac ElCapitan_10.11.6_15G1421 x64

MacElCapitan_10_11_6_15G1510x64         - A Profile for Mac ElCapitan_10.11.6_15G1510 x64

MacElCapitan_10_11_6_15G1611x64         - A Profile for Mac ElCapitan_10.11.6_15G1611 x64

MacElCapitan_10_11_6_15G17023x64        - A Profile for Mac ElCapitan_10.11.6_15G17023 x64

MacElCapitan_10_11_6_15G18013x64        - A Profile for Mac ElCapitan_10.11.6_15G18013 x64

MacElCapitan_10_11_6_15G19009x64        - A Profile for Mac ElCapitan_10.11.6_15G19009 x64

MacElCapitan_10_11_6_15G19ax64          - A Profile for Mac ElCapitan_10.11.6_15G19a x64

MacElCapitan_10_11_6_15G20015x64        - A Profile for Mac ElCapitan_10.11.6_15G20015 x64

MacElCapitan_10_11_6_15G24b_15G31x64    - A Profile for Mac ElCapitan_10.11.6_15G24b_15G31 x64

MacElCapitan_10_11_6_15G7ax64           - A Profile for Mac ElCapitan_10.11.6_15G7a x64

The Mac I am trying to analyze has this About box:

Here is the uname output:

users-Mac:~ user$ uname -a

Darwin users-Mac.local 15.6.0 Darwin Kernel Version 15.6.0: Thu Jun 23 18:25:34 PDT 2016; root:xnu-3248.60.10~1/RELEASE_X86_64 x86_64

users-Mac:~ user$ 

I have tried all of the Volatility profiles and none of them work.

What does the string in the volatility profile after the 10_11_6_ mean, and how do I find it for my machine?

security memory volatility forensics

share|improve this question

asked 15 hours ago

vy32vy32

1,25541633

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  Did you redact that serial number or is it made up / virtual?
  
  – bmike♦
  14 hours ago
  

  
  
  
  

add a comment | 

The Volatility memory forensics framework github website lists these Mac profiles for OS 10.11:

Profiles

--------

MacElCapitan_10_11_15A284x64            - A Profile for Mac ElCapitan_10.11_15A284 x64

MacElCapitan_10_11_1_15B42x64           - A Profile for Mac ElCapitan_10.11.1_15B42 x64

MacElCapitan_10_11_2_15C50x64           - A Profile for Mac ElCapitan_10.11.2_15C50 x64

MacElCapitan_10_11_3_15D21_15D13bx64    - A Profile for Mac ElCapitan_10.11.3_15D21_15D13b x64

MacElCapitan_10_11_4_15E27ex64          - A Profile for Mac ElCapitan_10.11.4_15E27e x64

MacElCapitan_10_11_4_15E39dx64          - A Profile for Mac ElCapitan_10.11.4_15E39d x64

MacElCapitan_10_11_4_15E49ax64          - A Profile for Mac ElCapitan_10.11.4_15E49a x64

MacElCapitan_10_11_4_15E65x64           - A Profile for Mac ElCapitan_10.11.4_15E65 x64

MacElCapitan_10_11_5_15F18b_15F24bx64   - A Profile for Mac ElCapitan_10.11.5_15F18b_15F24b x64

MacElCapitan_10_11_5_15F34x64           - A Profile for Mac ElCapitan_10.11.5_15F34 x64

MacElCapitan_10_11_6_15G1004_15G1108x64 - A Profile for Mac ElCapitan_10.11.6_15G1004_15G1108 x64

MacElCapitan_10_11_6_15G1212x64         - A Profile for Mac ElCapitan_10.11.6_15G1212 x64

MacElCapitan_10_11_6_15G1217x64         - A Profile for Mac ElCapitan_10.11.6_15G1217 x64

MacElCapitan_10_11_6_15G12ax64          - A Profile for Mac ElCapitan_10.11.6_15G12a x64

MacElCapitan_10_11_6_15G1421x64         - A Profile for Mac ElCapitan_10.11.6_15G1421 x64

MacElCapitan_10_11_6_15G1510x64         - A Profile for Mac ElCapitan_10.11.6_15G1510 x64

MacElCapitan_10_11_6_15G1611x64         - A Profile for Mac ElCapitan_10.11.6_15G1611 x64

MacElCapitan_10_11_6_15G17023x64        - A Profile for Mac ElCapitan_10.11.6_15G17023 x64

MacElCapitan_10_11_6_15G18013x64        - A Profile for Mac ElCapitan_10.11.6_15G18013 x64

MacElCapitan_10_11_6_15G19009x64        - A Profile for Mac ElCapitan_10.11.6_15G19009 x64

MacElCapitan_10_11_6_15G19ax64          - A Profile for Mac ElCapitan_10.11.6_15G19a x64

MacElCapitan_10_11_6_15G20015x64        - A Profile for Mac ElCapitan_10.11.6_15G20015 x64

MacElCapitan_10_11_6_15G24b_15G31x64    - A Profile for Mac ElCapitan_10.11.6_15G24b_15G31 x64

MacElCapitan_10_11_6_15G7ax64           - A Profile for Mac ElCapitan_10.11.6_15G7a x64

The Mac I am trying to analyze has this About box:

Here is the uname output:

users-Mac:~ user$ uname -a

Darwin users-Mac.local 15.6.0 Darwin Kernel Version 15.6.0: Thu Jun 23 18:25:34 PDT 2016; root:xnu-3248.60.10~1/RELEASE_X86_64 x86_64

users-Mac:~ user$ 

I have tried all of the Volatility profiles and none of them work.

What does the string in the volatility profile after the 10_11_6_ mean, and how do I find it for my machine?

security memory volatility forensics

share|improve this question

asked 15 hours ago

vy32vy32

1,25541633

Profiles

--------

MacElCapitan_10_11_15A284x64            - A Profile for Mac ElCapitan_10.11_15A284 x64

MacElCapitan_10_11_1_15B42x64           - A Profile for Mac ElCapitan_10.11.1_15B42 x64

MacElCapitan_10_11_2_15C50x64           - A Profile for Mac ElCapitan_10.11.2_15C50 x64

MacElCapitan_10_11_3_15D21_15D13bx64    - A Profile for Mac ElCapitan_10.11.3_15D21_15D13b x64

MacElCapitan_10_11_4_15E27ex64          - A Profile for Mac ElCapitan_10.11.4_15E27e x64

MacElCapitan_10_11_4_15E39dx64          - A Profile for Mac ElCapitan_10.11.4_15E39d x64

MacElCapitan_10_11_4_15E49ax64          - A Profile for Mac ElCapitan_10.11.4_15E49a x64

MacElCapitan_10_11_4_15E65x64           - A Profile for Mac ElCapitan_10.11.4_15E65 x64

MacElCapitan_10_11_5_15F18b_15F24bx64   - A Profile for Mac ElCapitan_10.11.5_15F18b_15F24b x64

MacElCapitan_10_11_5_15F34x64           - A Profile for Mac ElCapitan_10.11.5_15F34 x64

MacElCapitan_10_11_6_15G1004_15G1108x64 - A Profile for Mac ElCapitan_10.11.6_15G1004_15G1108 x64

MacElCapitan_10_11_6_15G1212x64         - A Profile for Mac ElCapitan_10.11.6_15G1212 x64

MacElCapitan_10_11_6_15G1217x64         - A Profile for Mac ElCapitan_10.11.6_15G1217 x64

MacElCapitan_10_11_6_15G12ax64          - A Profile for Mac ElCapitan_10.11.6_15G12a x64

MacElCapitan_10_11_6_15G1421x64         - A Profile for Mac ElCapitan_10.11.6_15G1421 x64

MacElCapitan_10_11_6_15G1510x64         - A Profile for Mac ElCapitan_10.11.6_15G1510 x64

MacElCapitan_10_11_6_15G1611x64         - A Profile for Mac ElCapitan_10.11.6_15G1611 x64

MacElCapitan_10_11_6_15G17023x64        - A Profile for Mac ElCapitan_10.11.6_15G17023 x64

MacElCapitan_10_11_6_15G18013x64        - A Profile for Mac ElCapitan_10.11.6_15G18013 x64

MacElCapitan_10_11_6_15G19009x64        - A Profile for Mac ElCapitan_10.11.6_15G19009 x64

MacElCapitan_10_11_6_15G19ax64          - A Profile for Mac ElCapitan_10.11.6_15G19a x64

MacElCapitan_10_11_6_15G20015x64        - A Profile for Mac ElCapitan_10.11.6_15G20015 x64

MacElCapitan_10_11_6_15G24b_15G31x64    - A Profile for Mac ElCapitan_10.11.6_15G24b_15G31 x64

MacElCapitan_10_11_6_15G7ax64           - A Profile for Mac ElCapitan_10.11.6_15G7a x64

users-Mac:~ user$ uname -a

Darwin users-Mac.local 15.6.0 Darwin Kernel Version 15.6.0: Thu Jun 23 18:25:34 PDT 2016; root:xnu-3248.60.10~1/RELEASE_X86_64 x86_64

users-Mac:~ user$ 

share|improve this question

asked 15 hours ago

vy32vy32

1,25541633

share|improve this question

asked 15 hours ago

vy32vy32

1,25541633

asked 15 hours ago

vy32vy32

1,25541633

asked 15 hours ago

vy32vy32

1,25541633

1 Answer
1

active

oldest

votes

6

That string is the macOS build number. If you click on "10.11.6" in the About-box in your screenshot, it will be revealed right next to the version number.

You can also run sw_vers to get easy build / version / marketing information from the command line.

share|improve this answer

edited 14 hours ago

bmike♦

159k46286620

answered 15 hours ago

jksoegaardjksoegaard

17.5k1745

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thanks! Now if I could just get a Volatility profile for 15G31.
  
  – vy32
  13 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I always thought Apple is famous for their user interfaces.
  
  – Jost
  7 hours ago
  

  
  
  
  

add a comment | 

Your Answer

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "118"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fapple.stackexchange.com%2fquestions%2f352348%2fwhen-using-volatility-with-a-memory-image-what-is-the-kernel-version%23new-answer', 'question_page');
}
);

Post as a guest

Name

Email

Required, but never shown

6

That string is the macOS build number. If you click on "10.11.6" in the About-box in your screenshot, it will be revealed right next to the version number.

You can also run sw_vers to get easy build / version / marketing information from the command line.

share|improve this answer

edited 14 hours ago

bmike♦

159k46286620

answered 15 hours ago

jksoegaardjksoegaard

17.5k1745

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thanks! Now if I could just get a Volatility profile for 15G31.
  
  – vy32
  13 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I always thought Apple is famous for their user interfaces.
  
  – Jost
  7 hours ago
  

  
  
  
  

add a comment | 

6

That string is the macOS build number. If you click on "10.11.6" in the About-box in your screenshot, it will be revealed right next to the version number.

You can also run sw_vers to get easy build / version / marketing information from the command line.

share|improve this answer

edited 14 hours ago

bmike♦

159k46286620

answered 15 hours ago

jksoegaardjksoegaard

17.5k1745

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thanks! Now if I could just get a Volatility profile for 15G31.
  
  – vy32
  13 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I always thought Apple is famous for their user interfaces.
  
  – Jost
  7 hours ago
  

  
  
  
  

add a comment | 

That string is the macOS build number. If you click on "10.11.6" in the About-box in your screenshot, it will be revealed right next to the version number.

You can also run sw_vers to get easy build / version / marketing information from the command line.

share|improve this answer

edited 14 hours ago

bmike♦

159k46286620

answered 15 hours ago

jksoegaardjksoegaard

17.5k1745

share|improve this answer

edited 14 hours ago

bmike♦

159k46286620

answered 15 hours ago

jksoegaardjksoegaard

17.5k1745

edited 14 hours ago

bmike♦

159k46286620

edited 14 hours ago

bmike♦

159k46286620

answered 15 hours ago

jksoegaardjksoegaard

17.5k1745

answered 15 hours ago

jksoegaardjksoegaard

17.5k1745