SlideShare a Scribd company logo

Mac Forensics

CTIN
CTIN
Technology
1 of 88
MacIntosh Forensics A presentation by Special Agent Thomas R. Nesbitt Federal Bureau of Investigation With assistance from presentations Prepared by John Mallory And Wayne Mitchell
The Mothership
WHY MAC FORENSICS? ,[object Object],[object Object],[object Object],[object Object]
 
MAC CLASSIC ,[object Object],[object Object],[object Object]
MAC CLASSIC ,[object Object],[object Object],[object Object],[object Object]
MAC FORENSICS ,[object Object],[object Object],[object Object]
MAC FORENSICS ,[object Object],[object Object],[object Object]
 
MAC OS X ,[object Object],[object Object],[object Object]
 
MAC FORENSICS ,[object Object],[object Object]
OS X ,[object Object],[object Object],[object Object],[object Object]
OS X ,[object Object],[object Object],[object Object],[object Object]
OS X ,[object Object],[object Object],[object Object],[object Object]
OS X ,[object Object],[object Object]
ACQUISITION ,[object Object],[object Object]
 
ACQUISITION ,[object Object]
ACQUISITION ,[object Object]
ACQUISITION ,[object Object],[object Object]
ACQUISITION ,[object Object],[object Object],[object Object]
ACQUISITION ,[object Object],[object Object],[object Object]
ACQUISITION ,[object Object],[object Object]
ACQUISITION ,[object Object],[object Object]
ACQUISITION ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
ACQUISITION ,[object Object],[object Object],[object Object],[object Object]
ACQUISITION ,[object Object],[object Object],[object Object],[object Object]
ACQUISITION ,[object Object],[object Object],[object Object],[object Object],[object Object]
ACQUISITION ,[object Object],[object Object],[object Object],[object Object]
ACQUISITION ,[object Object],[object Object],[object Object]
ACQUISITION ,[object Object],[object Object],[object Object],[object Object],[object Object]
DISK ARBITRATION JAGUAR ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
DISK ARBITRATION PANTHER ,[object Object],[object Object],[object Object]
DISK ARBITRATION-DISABLING PANTHER ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
ACQUISITION TARGET MODE ,[object Object],[object Object],[object Object],[object Object]
ACQUISITION TARGET MODE ,[object Object],[object Object],[object Object]
ACQUISITION -BLACK BAG ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
ACQUISITION -BLACK BAG
ACQUISITION -BLACK BAG
ACQUISITION -BLACK BAG
ACQUISITION -BLACK BAG
ACQUISITION ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
EXAMINATION ,[object Object],[object Object],[object Object],[object Object]
EXAMINATION ,[object Object],[object Object],[object Object]
EXAMINATION ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
EXAMINATION ,[object Object],[object Object],[object Object],[object Object]
EXAMINATION ,[object Object],[object Object]
EXAMINATION ,[object Object],[object Object]
EXAMINATION
EXAMINATION ,[object Object],[object Object],[object Object]
GRAB - Built in Utility
Common Email Clients ,[object Object],[object Object],[object Object]
Software Tools ,[object Object],[object Object],[object Object]
Email ,[object Object],[object Object],[object Object],[object Object]
Apple Mail ,[object Object],[object Object],[object Object],[object Object]
Apple Mail - file locations ,[object Object],[object Object],[object Object]
Microsoft Entourage ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Microsoft Entourage - file locations ,[object Object],[object Object],[object Object]
Microsoft Entourage - Processing ,[object Object],[object Object],[object Object],[object Object]
America Online 10.3.7 ,[object Object],[object Object],[object Object],[object Object]
America Online - file locations ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
America Online - Processing ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Emailchemy
Common Browsers ,[object Object],[object Object],[object Object],[object Object],[object Object]
Browser Data ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Forensic data recovered from browsers typically includes the following:
Software Tools ,[object Object],[object Object],[object Object]
Safari Browser ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Safari - file locations ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Firefox Browser ,[object Object],[object Object],[object Object],[object Object]
Firefox - file locations ,[object Object],[object Object],[object Object],[object Object]
America Online 10.3.7 ,[object Object],[object Object],[object Object],[object Object]
Microsoft Internet Explorer ,[object Object],[object Object],[object Object],[object Object],waf files are container files which hold the browser cache or downloaded files. Usually 10MB by default. Microsoft has discontinued support for IE and it is no longer available for download.
MS IE - Processing ,[object Object],[object Object],[object Object],[object Object],[object Object]
Opera Browser ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Opera - file locations ,[object Object],[object Object],[object Object],[object Object],[object Object]
Opera - file locations ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
iChat ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
iChat file locations ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Other Chat Programs ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
STRING SEARCHES - Common Techniques ,[object Object],[object Object],[object Object]
Spotlight ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Spotlight ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Spotlight ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Command Line (Find + Grep) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Command Line ,[object Object],[object Object],[object Object]
Command Line ,[object Object],[object Object],[object Object]
BBT Active File Searcher ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Recommended

Linux forensics
Linux forensicsLinux forensics
Linux forensicsSantosh Khadsare
 
Windows Forensic 101
Windows Forensic 101Windows Forensic 101
Windows Forensic 101Digit Oktavianto
 
Forensics of a Windows System
Forensics of a Windows SystemForensics of a Windows System
Forensics of a Windows SystemConferencias FIST
 
Windows forensic artifacts
Windows forensic artifactsWindows forensic artifacts
Windows forensic artifactsn|u - The Open Security Community
 
Windowsforensics
WindowsforensicsWindowsforensics
WindowsforensicsSantosh Khadsare
 
Digital forensics
Digital forensicsDigital forensics
Digital forensicsyash sawarkar
 
Windows registry forensics
Windows registry forensicsWindows registry forensics
Windows registry forensicsTaha İslam YILMAZ
 
Memory Forensics
Memory ForensicsMemory Forensics
Memory Forensicsn|u - The Open Security Community
 

Recommended

Linux forensics
Linux forensicsLinux forensics
Linux forensicsSantosh Khadsare
 
Windows Forensic 101
Windows Forensic 101Windows Forensic 101
Windows Forensic 101Digit Oktavianto
 
Forensics of a Windows System
Forensics of a Windows SystemForensics of a Windows System
Forensics of a Windows SystemConferencias FIST
 
Windows forensic artifacts
Windows forensic artifactsWindows forensic artifacts
Windows forensic artifactsn|u - The Open Security Community
 
Windowsforensics
WindowsforensicsWindowsforensics
WindowsforensicsSantosh Khadsare
 
Digital forensics
Digital forensicsDigital forensics
Digital forensicsyash sawarkar
 
Windows registry forensics
Windows registry forensicsWindows registry forensics
Windows registry forensicsTaha İslam YILMAZ
 
Memory Forensics
Memory ForensicsMemory Forensics
Memory Forensicsn|u - The Open Security Community
 
01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - Notes01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - NotesKranthi
 
Ntfs forensics
Ntfs forensicsNtfs forensics
Ntfs forensicsn|u - The Open Security Community
 
Registry forensics
Registry forensicsRegistry forensics
Registry forensicsPrince Boonlia
 
NTFS Forensics
NTFS Forensics NTFS Forensics
NTFS Forensics nullowaspmumbai
 
Introduction to filesystems and computer forensics
Introduction to filesystems and computer forensicsIntroduction to filesystems and computer forensics
Introduction to filesystems and computer forensicsMayank Chaudhari
 
Processing Crimes and Incident Scenes
Processing Crimes and Incident ScenesProcessing Crimes and Incident Scenes
Processing Crimes and Incident Scenesprimeteacher32
 
Operating System Forensics
Operating System ForensicsOperating System Forensics
Operating System ForensicsArunJS5
 
Super Easy Memory Forensics
Super Easy Memory ForensicsSuper Easy Memory Forensics
Super Easy Memory ForensicsIIJ
 
Data Acquisition
Data AcquisitionData Acquisition
Data Acquisitionprimeteacher32
 
MindMap - Forensics Windows Registry Cheat Sheet
MindMap - Forensics Windows Registry Cheat SheetMindMap - Forensics Windows Registry Cheat Sheet
MindMap - Forensics Windows Registry Cheat SheetJuan F. Padilla
 
File system
File systemFile system
File systemHarleen Johal
 
Browser forensics
Browser forensicsBrowser forensics
Browser forensicsPrince Boonlia
 
Computer forensics toolkit
Computer forensics toolkitComputer forensics toolkit
Computer forensics toolkitMilap Oza
 
Computer Forensics
Computer ForensicsComputer Forensics
Computer ForensicsDaksh Verma
 
Network forensics and investigating logs
Network forensics and investigating logsNetwork forensics and investigating logs
Network forensics and investigating logsanilinvns
 
Lecture4 Windows System Artifacts.pptx
Lecture4 Windows System Artifacts.pptxLecture4 Windows System Artifacts.pptx
Lecture4 Windows System Artifacts.pptxGaganvirKaur
 
Data recovery power point
Data recovery power pointData recovery power point
Data recovery power pointtutannandi
 
Computer forensics powerpoint presentation
Computer forensics powerpoint presentationComputer forensics powerpoint presentation
Computer forensics powerpoint presentationSomya Johri
 
Cyber forensic 1
Cyber forensic 1Cyber forensic 1
Cyber forensic 1anilinvns
 
Digital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeDigital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeAung Thu Rha Hein
 
G Infomgnt
G InfomgntG Infomgnt
G InfomgntCTIN
 
Capturing forensics image
Capturing forensics imageCapturing forensics image
Capturing forensics imageChris Harrington
 

More Related Content

What's hot

01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - Notes01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - NotesKranthi
 
Introduction to filesystems and computer forensics
Introduction to filesystems and computer forensicsIntroduction to filesystems and computer forensics
Introduction to filesystems and computer forensicsMayank Chaudhari
 
Processing Crimes and Incident Scenes
Processing Crimes and Incident ScenesProcessing Crimes and Incident Scenes
Processing Crimes and Incident Scenesprimeteacher32
 
Operating System Forensics
Operating System ForensicsOperating System Forensics
Operating System ForensicsArunJS5
 
Super Easy Memory Forensics
Super Easy Memory ForensicsSuper Easy Memory Forensics
Super Easy Memory ForensicsIIJ
 
MindMap - Forensics Windows Registry Cheat Sheet
MindMap - Forensics Windows Registry Cheat SheetMindMap - Forensics Windows Registry Cheat Sheet
MindMap - Forensics Windows Registry Cheat SheetJuan F. Padilla
 
Computer forensics toolkit
Computer forensics toolkitComputer forensics toolkit
Computer forensics toolkitMilap Oza
 
Computer Forensics
Computer ForensicsComputer Forensics
Computer ForensicsDaksh Verma
 
Network forensics and investigating logs
Network forensics and investigating logsNetwork forensics and investigating logs
Network forensics and investigating logsanilinvns
 
Lecture4 Windows System Artifacts.pptx
Lecture4 Windows System Artifacts.pptxLecture4 Windows System Artifacts.pptx
Lecture4 Windows System Artifacts.pptxGaganvirKaur
 
Data recovery power point
Data recovery power pointData recovery power point
Data recovery power pointtutannandi
 
Computer forensics powerpoint presentation
Computer forensics powerpoint presentationComputer forensics powerpoint presentation
Computer forensics powerpoint presentationSomya Johri
 
Cyber forensic 1
Cyber forensic 1Cyber forensic 1
Cyber forensic 1anilinvns
 
Digital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeDigital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeAung Thu Rha Hein
 

What's hot (20)

01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - Notes01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - Notes
 
Ntfs forensics
Ntfs forensicsNtfs forensics
Ntfs forensics
 
Registry forensics
Registry forensicsRegistry forensics
Registry forensics
 
NTFS Forensics
NTFS Forensics NTFS Forensics
NTFS Forensics
 
Introduction to filesystems and computer forensics
Introduction to filesystems and computer forensicsIntroduction to filesystems and computer forensics
Introduction to filesystems and computer forensics
 
Processing Crimes and Incident Scenes
Processing Crimes and Incident ScenesProcessing Crimes and Incident Scenes
Processing Crimes and Incident Scenes
 
Operating System Forensics
Operating System ForensicsOperating System Forensics
Operating System Forensics
 
Super Easy Memory Forensics
Super Easy Memory ForensicsSuper Easy Memory Forensics
Super Easy Memory Forensics
 
Data Acquisition
Data AcquisitionData Acquisition
Data Acquisition
 
MindMap - Forensics Windows Registry Cheat Sheet
MindMap - Forensics Windows Registry Cheat SheetMindMap - Forensics Windows Registry Cheat Sheet
MindMap - Forensics Windows Registry Cheat Sheet
 
File system
File systemFile system
File system
 
Browser forensics
Browser forensicsBrowser forensics
Browser forensics
 
Computer forensics toolkit
Computer forensics toolkitComputer forensics toolkit
Computer forensics toolkit
 
Computer Forensics
Computer ForensicsComputer Forensics
Computer Forensics
 
Network forensics and investigating logs
Network forensics and investigating logsNetwork forensics and investigating logs
Network forensics and investigating logs
 
Lecture4 Windows System Artifacts.pptx
Lecture4 Windows System Artifacts.pptxLecture4 Windows System Artifacts.pptx
Lecture4 Windows System Artifacts.pptx
 
Data recovery power point
Data recovery power pointData recovery power point
Data recovery power point
 
Computer forensics powerpoint presentation
Computer forensics powerpoint presentationComputer forensics powerpoint presentation
Computer forensics powerpoint presentation
 
Cyber forensic 1
Cyber forensic 1Cyber forensic 1
Cyber forensic 1
 
Digital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeDigital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research Challenge
 

Viewers also liked

G Infomgnt
G InfomgntG Infomgnt
G InfomgntCTIN
 
[OWASP-TR Mobil Güvenlik Çalıştayı 2015] Yalçın Çakmak - Social Media Apps Fo...
[OWASP-TR Mobil Güvenlik Çalıştayı 2015] Yalçın Çakmak - Social Media Apps Fo...[OWASP-TR Mobil Güvenlik Çalıştayı 2015] Yalçın Çakmak - Social Media Apps Fo...
[OWASP-TR Mobil Güvenlik Çalıştayı 2015] Yalçın Çakmak - Social Media Apps Fo...OWASP Turkiye
 
Social Media Forensics for Investigators
Social Media Forensics for InvestigatorsSocial Media Forensics for Investigators
Social Media Forensics for InvestigatorsCase IQ
 
Windows nt istallation
Windows nt istallationWindows nt istallation
Windows nt istallationHarleen Johal
 
Social Media for Investigations Tools
Social Media for Investigations ToolsSocial Media for Investigations Tools
Social Media for Investigations ToolsMandy Jenkins
 
Accessioning-Based Metadata Extraction and Iterative Processing: Notes From t...
Accessioning-Based Metadata Extraction and Iterative Processing: Notes From t...Accessioning-Based Metadata Extraction and Iterative Processing: Notes From t...
Accessioning-Based Metadata Extraction and Iterative Processing: Notes From t...Mark Matienzo
 
Using and Developing with Open Source Digital Forensics Software in Digital A...
Using and Developing with Open Source Digital Forensics Software in Digital A...Using and Developing with Open Source Digital Forensics Software in Digital A...
Using and Developing with Open Source Digital Forensics Software in Digital A...Mark Matienzo
 
Autopsy 3: Free Open Source End-to-End Windows-based Digital Forensics Platform
Autopsy 3: Free Open Source End-to-End Windows-based Digital Forensics PlatformAutopsy 3: Free Open Source End-to-End Windows-based Digital Forensics Platform
Autopsy 3: Free Open Source End-to-End Windows-based Digital Forensics PlatformBasis Technology
 
Files and Folders in Windows 7
Files and Folders in Windows 7Files and Folders in Windows 7
Files and Folders in Windows 7RIAH ENCARNACION
 
Windows 10 Forensics: OS Evidentiary Artefacts
Windows 10 Forensics: OS Evidentiary ArtefactsWindows 10 Forensics: OS Evidentiary Artefacts
Windows 10 Forensics: OS Evidentiary ArtefactsBrent Muir
 
The Future of Digital Forensics
The Future of Digital ForensicsThe Future of Digital Forensics
The Future of Digital Forensics00heights
 
Anti-Forensics: Real world identification, analysis and prevention
Anti-Forensics: Real world identification, analysis and preventionAnti-Forensics: Real world identification, analysis and prevention
Anti-Forensics: Real world identification, analysis and preventionSeccuris Inc.
 
Translating Geek To Attorneys It Security
Translating Geek To Attorneys It SecurityTranslating Geek To Attorneys It Security
Translating Geek To Attorneys It SecurityCTIN
 
NTFS file system
NTFS file systemNTFS file system
NTFS file systemRavi Yasas
 
Windows 8 Forensics & Anti Forensics
Windows 8 Forensics & Anti ForensicsWindows 8 Forensics & Anti Forensics
Windows 8 Forensics & Anti ForensicsMike Spaulding
 

Viewers also liked (20)

G Infomgnt
G InfomgntG Infomgnt
G Infomgnt
 
Capturing forensics image
Capturing forensics imageCapturing forensics image
Capturing forensics image
 
Disk forensics
Disk forensicsDisk forensics
Disk forensics
 
[OWASP-TR Mobil Güvenlik Çalıştayı 2015] Yalçın Çakmak - Social Media Apps Fo...
[OWASP-TR Mobil Güvenlik Çalıştayı 2015] Yalçın Çakmak - Social Media Apps Fo...[OWASP-TR Mobil Güvenlik Çalıştayı 2015] Yalçın Çakmak - Social Media Apps Fo...
[OWASP-TR Mobil Güvenlik Çalıştayı 2015] Yalçın Çakmak - Social Media Apps Fo...
 
Social Media Forensics for Investigators
Social Media Forensics for InvestigatorsSocial Media Forensics for Investigators
Social Media Forensics for Investigators
 
Windows nt istallation
Windows nt istallationWindows nt istallation
Windows nt istallation
 
Social Media for Investigations Tools
Social Media for Investigations ToolsSocial Media for Investigations Tools
Social Media for Investigations Tools
 
Accessioning-Based Metadata Extraction and Iterative Processing: Notes From t...
Accessioning-Based Metadata Extraction and Iterative Processing: Notes From t...Accessioning-Based Metadata Extraction and Iterative Processing: Notes From t...
Accessioning-Based Metadata Extraction and Iterative Processing: Notes From t...
 
Using and Developing with Open Source Digital Forensics Software in Digital A...
Using and Developing with Open Source Digital Forensics Software in Digital A...Using and Developing with Open Source Digital Forensics Software in Digital A...
Using and Developing with Open Source Digital Forensics Software in Digital A...
 
NTFS vs FAT
NTFS vs FATNTFS vs FAT
NTFS vs FAT
 
Autopsy 3: Free Open Source End-to-End Windows-based Digital Forensics Platform
Autopsy 3: Free Open Source End-to-End Windows-based Digital Forensics PlatformAutopsy 3: Free Open Source End-to-End Windows-based Digital Forensics Platform
Autopsy 3: Free Open Source End-to-End Windows-based Digital Forensics Platform
 
Files and Folders in Windows 7
Files and Folders in Windows 7Files and Folders in Windows 7
Files and Folders in Windows 7
 
Windows 10 Forensics: OS Evidentiary Artefacts
Windows 10 Forensics: OS Evidentiary ArtefactsWindows 10 Forensics: OS Evidentiary Artefacts
Windows 10 Forensics: OS Evidentiary Artefacts
 
The Future of Digital Forensics
The Future of Digital ForensicsThe Future of Digital Forensics
The Future of Digital Forensics
 
Anti-Forensics: Real world identification, analysis and prevention
Anti-Forensics: Real world identification, analysis and preventionAnti-Forensics: Real world identification, analysis and prevention
Anti-Forensics: Real world identification, analysis and prevention
 
Translating Geek To Attorneys It Security
Translating Geek To Attorneys It SecurityTranslating Geek To Attorneys It Security
Translating Geek To Attorneys It Security
 
NTFS file system
NTFS file systemNTFS file system
NTFS file system
 
Netcat cheat sheet
Netcat cheat sheetNetcat cheat sheet
Netcat cheat sheet
 
Windows 8 Forensics & Anti Forensics
Windows 8 Forensics & Anti ForensicsWindows 8 Forensics & Anti Forensics
Windows 8 Forensics & Anti Forensics
 
File carving tools
File carving toolsFile carving tools
File carving tools
 

Similar to Mac Forensics

First Responder Course - Session 10 - Static Evidence Collection [2004]
First Responder Course - Session 10 - Static Evidence Collection [2004]First Responder Course - Session 10 - Static Evidence Collection [2004]
First Responder Course - Session 10 - Static Evidence Collection [2004]Phil Huggins FBCS CITP
 
Mac os installation and Hardware Report
Mac os installation and Hardware ReportMac os installation and Hardware Report
Mac os installation and Hardware ReportPratik Vyas
 
Howtoinstallarchlinuxtousb final-120610172253-phpapp01
Howtoinstallarchlinuxtousb final-120610172253-phpapp01Howtoinstallarchlinuxtousb final-120610172253-phpapp01
Howtoinstallarchlinuxtousb final-120610172253-phpapp01decenttr
 
How to Install ArchLinux to a USB Flashdrive in 2012
How to Install ArchLinux to a USB Flashdrive in 2012How to Install ArchLinux to a USB Flashdrive in 2012
How to Install ArchLinux to a USB Flashdrive in 2012Chukwuma Onyeije, MD, FACOG
 
Beginning Mac Os X
Beginning Mac Os XBeginning Mac Os X
Beginning Mac Os XPerry Lund
 
Mac OSX - Presentation for NEWLUG - Nov. 2010
Mac OSX - Presentation for NEWLUG - Nov. 2010Mac OSX - Presentation for NEWLUG - Nov. 2010
Mac OSX - Presentation for NEWLUG - Nov. 2010NEWLUG
 
66628558 computer-terms-guide
66628558 computer-terms-guide66628558 computer-terms-guide
66628558 computer-terms-guidei_amprecious
 
Recipe of a linux Live CD (archived)
Recipe of a linux Live CD (archived)Recipe of a linux Live CD (archived)
Recipe of a linux Live CD (archived)Bud Siddhisena
 
Andresen 8 21 02
Andresen 8 21 02Andresen 8 21 02
Andresen 8 21 02FNian
 
Cd rom mounting cdro-ms on solaris
Cd rom mounting cdro-ms on solarisCd rom mounting cdro-ms on solaris
Cd rom mounting cdro-ms on solarisBui Van Cuong
 
U Boot or Universal Bootloader
U Boot or Universal BootloaderU Boot or Universal Bootloader
U Boot or Universal BootloaderSatpal Parmar
 
When disk utility fails to fix Mac OS X file system corruption issues
When disk utility fails to fix Mac OS X file system corruption issuesWhen disk utility fails to fix Mac OS X file system corruption issues
When disk utility fails to fix Mac OS X file system corruption issuesdatarecovery osx
 

Similar to Mac Forensics (20)

Linux
LinuxLinux
Linux
 
Linux
Linux Linux
Linux
 
First Responder Course - Session 10 - Static Evidence Collection [2004]
First Responder Course - Session 10 - Static Evidence Collection [2004]First Responder Course - Session 10 - Static Evidence Collection [2004]
First Responder Course - Session 10 - Static Evidence Collection [2004]
 
Mac os installation and Hardware Report
Mac os installation and Hardware ReportMac os installation and Hardware Report
Mac os installation and Hardware Report
 
Howtoinstallarchlinuxtousb final-120610172253-phpapp01
Howtoinstallarchlinuxtousb final-120610172253-phpapp01Howtoinstallarchlinuxtousb final-120610172253-phpapp01
Howtoinstallarchlinuxtousb final-120610172253-phpapp01
 
How to Install ArchLinux to a USB Flashdrive in 2012
How to Install ArchLinux to a USB Flashdrive in 2012How to Install ArchLinux to a USB Flashdrive in 2012
How to Install ArchLinux to a USB Flashdrive in 2012
 
Beginning Mac Os X
Beginning Mac Os XBeginning Mac Os X
Beginning Mac Os X
 
Mac OSX - Presentation for NEWLUG - Nov. 2010
Mac OSX - Presentation for NEWLUG - Nov. 2010Mac OSX - Presentation for NEWLUG - Nov. 2010
Mac OSX - Presentation for NEWLUG - Nov. 2010
 
66628558 computer-terms-guide
66628558 computer-terms-guide66628558 computer-terms-guide
66628558 computer-terms-guide
 
Introductory Mac OS X
Introductory Mac OS XIntroductory Mac OS X
Introductory Mac OS X
 
4th
4th4th
4th
 
Ch12 system administration
Ch12 system administration Ch12 system administration
Ch12 system administration
 
Xen time machine
Xen time machineXen time machine
Xen time machine
 
Recipe of a linux Live CD (archived)
Recipe of a linux Live CD (archived)Recipe of a linux Live CD (archived)
Recipe of a linux Live CD (archived)
 
Andresen 8 21 02
Andresen 8 21 02Andresen 8 21 02
Andresen 8 21 02
 
Cd rom mounting cdro-ms on solaris
Cd rom mounting cdro-ms on solarisCd rom mounting cdro-ms on solaris
Cd rom mounting cdro-ms on solaris
 
U Boot or Universal Bootloader
U Boot or Universal BootloaderU Boot or Universal Bootloader
U Boot or Universal Bootloader
 
When disk utility fails to fix Mac OS X file system corruption issues
When disk utility fails to fix Mac OS X file system corruption issuesWhen disk utility fails to fix Mac OS X file system corruption issues
When disk utility fails to fix Mac OS X file system corruption issues
 
Sahul
SahulSahul
Sahul
 
Sahul
SahulSahul
Sahul
 

More from CTIN

Mounting virtual hard drives
Mounting virtual hard drivesMounting virtual hard drives
Mounting virtual hard drivesCTIN
 
Open Source Forensics
Open Source ForensicsOpen Source Forensics
Open Source ForensicsCTIN
 
Encase V7 Presented by Guidance Software august 2011
Encase V7 Presented by Guidance Software august 2011Encase V7 Presented by Guidance Software august 2011
Encase V7 Presented by Guidance Software august 2011CTIN
 
Windows 7 forensics -overview-r3
Windows 7 forensics -overview-r3Windows 7 forensics -overview-r3
Windows 7 forensics -overview-r3CTIN
 
Windows 7 forensics event logs-dtl-r3
Windows 7 forensics event logs-dtl-r3Windows 7 forensics event logs-dtl-r3
Windows 7 forensics event logs-dtl-r3CTIN
 
Msra 2011 windows7 forensics-troyla
Msra 2011 windows7 forensics-troylaMsra 2011 windows7 forensics-troyla
Msra 2011 windows7 forensics-troylaCTIN
 
Windows 7 forensics thumbnail-dtl-r4
Windows 7 forensics thumbnail-dtl-r4Windows 7 forensics thumbnail-dtl-r4
Windows 7 forensics thumbnail-dtl-r4CTIN
 
Windows 7 forensics jump lists-rv3-public
Windows 7 forensics jump lists-rv3-publicWindows 7 forensics jump lists-rv3-public
Windows 7 forensics jump lists-rv3-publicCTIN
 
Time Stamp Analysis of Windows Systems
Time Stamp Analysis of Windows SystemsTime Stamp Analysis of Windows Systems
Time Stamp Analysis of Windows SystemsCTIN
 
Vista Forensics
Vista ForensicsVista Forensics
Vista ForensicsCTIN
 
Nra
NraNra
NraCTIN
 
Live Forensics
Live ForensicsLive Forensics
Live ForensicsCTIN
 
Edrm
EdrmEdrm
EdrmCTIN
 
Computer Searchs, Electronic Communication, Computer Trespass
Computer Searchs, Electronic Communication, Computer TrespassComputer Searchs, Electronic Communication, Computer Trespass
Computer Searchs, Electronic Communication, Computer TrespassCTIN
 
CyberCrime
CyberCrimeCyberCrime
CyberCrimeCTIN
 
Search Warrants
Search WarrantsSearch Warrants
Search WarrantsCTIN
 
Part6 Private Sector Concerns
Part6 Private Sector ConcernsPart6 Private Sector Concerns
Part6 Private Sector ConcernsCTIN
 
Sadfe2007
Sadfe2007Sadfe2007
Sadfe2007CTIN
 
Raidprep
RaidprepRaidprep
RaidprepCTIN
 
Networking Overview
Networking OverviewNetworking Overview
Networking OverviewCTIN
 

More from CTIN (20)

Mounting virtual hard drives
Mounting virtual hard drivesMounting virtual hard drives
Mounting virtual hard drives
 
Open Source Forensics
Open Source ForensicsOpen Source Forensics
Open Source Forensics
 
Encase V7 Presented by Guidance Software august 2011
Encase V7 Presented by Guidance Software august 2011Encase V7 Presented by Guidance Software august 2011
Encase V7 Presented by Guidance Software august 2011
 
Windows 7 forensics -overview-r3
Windows 7 forensics -overview-r3Windows 7 forensics -overview-r3
Windows 7 forensics -overview-r3
 
Windows 7 forensics event logs-dtl-r3
Windows 7 forensics event logs-dtl-r3Windows 7 forensics event logs-dtl-r3
Windows 7 forensics event logs-dtl-r3
 
Msra 2011 windows7 forensics-troyla
Msra 2011 windows7 forensics-troylaMsra 2011 windows7 forensics-troyla
Msra 2011 windows7 forensics-troyla
 
Windows 7 forensics thumbnail-dtl-r4
Windows 7 forensics thumbnail-dtl-r4Windows 7 forensics thumbnail-dtl-r4
Windows 7 forensics thumbnail-dtl-r4
 
Windows 7 forensics jump lists-rv3-public
Windows 7 forensics jump lists-rv3-publicWindows 7 forensics jump lists-rv3-public
Windows 7 forensics jump lists-rv3-public
 
Time Stamp Analysis of Windows Systems
Time Stamp Analysis of Windows SystemsTime Stamp Analysis of Windows Systems
Time Stamp Analysis of Windows Systems
 
Vista Forensics
Vista ForensicsVista Forensics
Vista Forensics
 
Nra
NraNra
Nra
 
Live Forensics
Live ForensicsLive Forensics
Live Forensics
 
Edrm
EdrmEdrm
Edrm
 
Computer Searchs, Electronic Communication, Computer Trespass
Computer Searchs, Electronic Communication, Computer TrespassComputer Searchs, Electronic Communication, Computer Trespass
Computer Searchs, Electronic Communication, Computer Trespass
 
CyberCrime
CyberCrimeCyberCrime
CyberCrime
 
Search Warrants
Search WarrantsSearch Warrants
Search Warrants
 
Part6 Private Sector Concerns
Part6 Private Sector ConcernsPart6 Private Sector Concerns
Part6 Private Sector Concerns
 
Sadfe2007
Sadfe2007Sadfe2007
Sadfe2007
 
Raidprep
RaidprepRaidprep
Raidprep
 
Networking Overview
Networking OverviewNetworking Overview
Networking Overview
 

Recently uploaded

#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 

Recently uploaded (20)

#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 

Mac Forensics

  • 1. MacIntosh Forensics A presentation by Special Agent Thomas R. Nesbitt Federal Bureau of Investigation With assistance from presentations Prepared by John Mallory And Wayne Mitchell
  • 3.
  • 4.  
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.  
  • 10.
  • 11.  
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 18.  
  • 19.
  • 20.
  • 21.
  • 22.
  • 23.
  • 24.
  • 25.
  • 26.
  • 27.
  • 28.
  • 29.
  • 30.
  • 31.
  • 32.
  • 33.
  • 34.
  • 35.
  • 36.
  • 37.
  • 38.
  • 39. ACQUISITION -BLACK BAG
  • 40. ACQUISITION -BLACK BAG
  • 41. ACQUISITION -BLACK BAG
  • 42. ACQUISITION -BLACK BAG
  • 43.
  • 44.
  • 45.
  • 46.
  • 47.
  • 48.
  • 49.
  • 51.
  • 52. GRAB - Built in Utility
  • 53.
  • 54.
  • 55.
  • 56.
  • 57.
  • 58.
  • 59.
  • 60.
  • 61.
  • 62.
  • 63.
  • 65.
  • 66.
  • 67.
  • 68.
  • 69.
  • 70.
  • 71.
  • 72.
  • 73.
  • 74.
  • 75.
  • 76.
  • 77.
  • 78.
  • 79.
  • 80.
  • 81.
  • 82.
  • 83.
  • 84.
  • 85.
  • 86.
  • 87.
  • 88.