Tag Archives: Mac OSX

Mac Forensics Report OS X El Capitan

Mac Forensics Report Official Release

mac forensics report is complete In the Mac Forensics report, the team at the LCDI looked at operating systems for Macs and tried to determine what artifacts can be collected and where their default locations can be found. Then they compared the two main operating systems: OS X and El Capitan. background information Last year […]

Continue reading
MacOSX Yosemite blurred background

Mac OS X Forensics Update

Intro On September 30th, 2015, Apple released its latest update to Mac OS X: El Capitan. El Capitan brings with it many improvements and features, such as Metal, IOS’s graphics API, improvements to Safari, Mail, IPhoto, and much more. Since our last blog post a few weeks ago, we have been busy with our research […]

Continue reading
Mac Forensics Report OS X El Capitan

Introduction to Mac OS X Forensics

introduction On September 30th, 2015, Apple is set to release their latest version of Mac OS X: El Capitan. While its predecessor Yosemite brought many major updates to commonly used applications, El Capitan promises more subtle changes. With El Capitan, Apple is integrating Metal, IOS’s graphics API, into Mac OS X, along with various performance […]

Continue reading

Mac OS X Forensics: Conclusion

RESULTS With the semester coming to a close, the projects are wrapping up and the reports are rolling out. We are diving into examining the devices we used for the Handoff feature and are currently finding data that points to its use. Below you can see a Handoff request that was found in the devices […]

Continue reading

Mac OS Forensics Part 4

Mac OS X Forensics/ Mac OS x and iOS Handoff      Start up/Recap At the start of this new semester we decided to take a fresh look at two projects and merge them: the Mac OSX Forensics (default artifact locations), and the Mac OS and iOS Handoff Connection. Now that our team is familiar […]

Continue reading

Mac OSX Forensics Part 3

Mac Imaging In order to preserve the physical integrity of the machine, we chose to image the Mac non-invasively.  We forced the target Mac to enter “Target disk mode” during the boot process and attached a thunderbolt cable.  After attaching the other end of the cable to our “Analysis Mac,” we were able to fully […]

Continue reading

Mac OSX Forensics Part 2

Different Examination Tools We have been doing extensive background research in advance of the actual data-generation and forensic aspect of our project. Currently, we have been researching the different examination tools and methods there are for Mac OSX. We have researched open-source tools as well as commercial tools and have chosen the ones we believe […]

Continue reading

Mac OSX Forensics Introduction

Project Introduction Mac OSX is Apple’s most recent operating system for Macintosh computers. Macs are widely used, and knowing how to get information off of them very important for forensic examiners. Just PC expertise is not enough today; Macs have a different way of storing user data and artifacts. Knowledge of the location of potential […]

Continue reading