Macintosh Forensics
A presentation by Special Agent Thomas R. Nesbitt, Federal Bureau of Investigation
With assistance from presentations prepared by John Mallory and Wayne Mitchell
The Mothership
WHY MAC FORENSICS?
MAC CLASSIC
MAC FORENSICS
MAC OS X
MAC FORENSICS
OS X
ACQUISITION
DISK ARBITRATION JAGUAR
DISK ARBITRATION PANTHER
DISK ARBITRATION-DISABLING PANTHER
ACQUISITION TARGET MODE
ACQUISITION - BLACK BAG
ACQUISITION
EXAMINATION
GRAB - Built in Utility
Common Email Clients
Software Tools
Email
Apple Mail
Apple Mail - file locations
Microsoft Entourage
Microsoft Entourage - file locations
Microsoft Entourage - Processing
America Online 10.3.7
America Online - file locations
America Online - Processing
Emailchemy
Common Browsers
Browser Data
Forensic data recovered from browsers typically includes the following:
Software Tools
Safari Browser
Safari - file locations
Firefox Browser
Firefox - file locations
America Online 10.3.7
Microsoft Internet Explorer
waf files are container files which hold the browser cache or downloaded files. Usually 10MB by default. Microsoft has discontinued support for IE and it is no longer available for download.
MS IE - Processing
Opera Browser
Opera - file locations
iChat
iChat file locations
Other Chat Programs
STRING SEARCHES - Common Techniques
Spotlight
Command Line (Find + Grep)
Command Line
BBT Active File Searcher

TeamStation AI System Report LATAM IT Salaries 2024
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 

Mac Forensics

  • 1. Macintosh Forensics: a presentation by Special Agent Thomas R. Nesbitt, Federal Bureau of Investigation, with assistance from presentations prepared by John Mallory and Wayne Mitchell
  • 39. ACQUISITION - BLACK BAG
  • 40. ACQUISITION - BLACK BAG
  • 41. ACQUISITION - BLACK BAG
  • 42. ACQUISITION - BLACK BAG
  • 52. GRAB - Built in Utility