Tag Archives: Mac

Application Analysis: A Closer Look At Business Apps

Introduction: The Application Analysis team has continued examining the desktop-based web applications for both Mac and PC. We are currently finalizing our tests with Slack and Dropbox. They were searching for files that could hold company, user, and file information. While these are only tests in the context of a real-world scenario, this info […]


Mac RAM Analysis Update 1

Introduction to Mac RAM Analysis Update: In our previous blog post, we talked about the initial obstacle of software being outdated or nonexistent. We still needed to conduct research and determine which tools we were going to use to capture RAM on a Mac, then analyze the contents of the RAM dump to see what […]


Mac Ram Analysis Introduction

Introduction to Mac RAM Analysis: The newest project from the LCDI is a Mac RAM analysis. Last semester, the LCDI investigated forensic artifact locations produced by user activity in Apple’s newest version of OS X, El Capitan. Those findings were then compared to our previous report on El Capitan’s predecessor, OS […]


Mac Forensics Report Official Release

Mac Forensics Report Is Complete: In the Mac Forensics report, the team at the LCDI looked at operating systems for Macs and tried to determine what artifacts can be collected and where their default locations can be found. Then they compared the two main operating systems: OS X and El Capitan. Background Information: Last year […]


Mac OS X Forensics Update

Intro: On September 30th, 2015, Apple released its latest update to Mac OS X: El Capitan. El Capitan brings with it many improvements and features, such as Metal, iOS’s graphics API, improvements to Safari, Mail, iPhoto, and much more. Since our last blog post a few weeks ago, we have been busy with our research […]


Mac OS X Forensics: Conclusion

Results: With the semester coming to a close, the projects are wrapping up and the reports are rolling out. We are diving into examining the devices we used for the Handoff feature and are currently finding data that points to its use. Below you can see a Handoff request that was found in the devices […]


Mac OS Forensics Part 4

Mac OS X Forensics / Mac OS X and iOS Handoff. Start Up/Recap: At the start of this new semester, we decided to take a fresh look at two projects and merge them: the Mac OSX Forensics (default artifact locations), and the Mac OS and iOS Handoff Connection. Now that our team is familiar […]


Mac OSX Forensics Part 3

Mac Imaging: In order to preserve the physical integrity of the machine, we chose to image the Mac non-invasively. We forced the target Mac to enter “Target Disk Mode” during the boot process and attached a Thunderbolt cable. After attaching the other end of the cable to our “Analysis Mac,” we were able to fully […]


Mac OSX Forensics Part 2

Different Examination Tools: We have been doing extensive background research in advance of the actual data-generation and forensic aspect of our project. Currently, we have been researching the different examination tools and methods available for Mac OSX. We have researched open-source tools as well as commercial tools and have chosen the ones we believe […]


OS X and iOS Handoff Introduction

Introduction: During the 2014 Apple Worldwide Developers Conference, Apple announced a new feature available with iOS 8 and OS X 10.10 (Yosemite) known as Handoff. This new feature allows a user to transfer their activity from their iPhone to their Mac, or vice-versa, almost instantaneously. These activities include browsing the web, email, writing a note, […]
