From 46b598414605d561c18422d6cff74f102e4f7fe8 Mon Sep 17 00:00:00 2001 From: johnsaigle Date: Thu, 29 Sep 2022 09:46:24 -0400 Subject: [PATCH] Add disclaimer to MacOS memory dump tool These instructions don't work on Macs using M1 or M2 chips as the binary in the release has been compiled to target Intel architecture. Link to most recent release of the project: https://github.com/google/rekall/releases/tag/v1.7.1 --- .../macos-security-and-privilege-escalation/README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/macos-hardening/macos-security-and-privilege-escalation/README.md b/macos-hardening/macos-security-and-privilege-escalation/README.md index e28061f4..fceaa3fd 100644 --- a/macos-hardening/macos-security-and-privilege-escalation/README.md +++ b/macos-hardening/macos-security-and-privilege-escalation/README.md @@ -806,6 +806,10 @@ ls -Rl /Library/Managed\ Preferences/ In order to dump the memory in a MacOS machine you can use [**osxpmem**](https://github.com/google/rekall/releases/download/v1.5.1/osxpmem-2.1.post4.zip). +**Note**: The following instructions will only work for Macs with Intel architecture. This tool is now archived and the last release was in 2017. +The binary downloaded using the instructions below targets Intel chips as Apple Silicon wasn't around in 2017. It may be possible to compile +the binary for arm64 architecture but you'll have to try for yourself. + ```bash #Dump raw format sudo osxpmem.app/osxpmem --format raw -o /tmp/dump_mem
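
Review bot: The added note (the three `+` lines ahead of the `bash` fence) says the tool is archived and was last released in 2017, but it gives readers no link to confirm that. The commit message cites https://github.com/google/rekall/releases/tag/v1.7.1 as the most recent release, while the unchanged context line above the note still downloads `osxpmem-2.1.post4.zip` from the v1.5.1 release. Suggest putting the release link in the README note itself and saying which release the instructions actually use, or updating the download URL in the same change. The note's second sentence mostly restates the first (Intel only), so the two could be merged into one. "You'll have to try for yourself" could be replaced with a pointer to the source repository, or dropped. Minor style: "MacOS" in the subject line and the context line would read better as "macOS", matching the directory name `macos-hardening`.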