This awardee has received supplemental funding. This award detail page includes information about both the original award and supplemental awards.
Description of original award (Fiscal Year 2007, $474,943)
This project will develop an extensible Macintosh Evidence Gathering and Analysis (MEGA) tool suite for investigators to assess and collect data on dual-boot Mac systems, and to gather and analyze forensically relevant data specific to Mac OS X. MEGA will serve law enforcement and NIJ by allowing an investigator to quickly assess the operating systems installed on a Mac OS X disk image or machine, including the last boot time and other information for each, in a forensically sound manner.
In the spring of 2007, the E-Crime Technology Work Group identified Macintosh forensics as a priority. Forensic examiners observed an increase in Mac computers because of the dual-boot capability of Mac OS X 10 operating systems (boots to Macintosh or Windows XP). Mac Evidence Gathering and Analysis (MEGA) will gather Mac OS X-specific information that is largely ignored by existing tools, such as configuration, log, and cache data written by the operating system (OS), other OSs present via dual boot or virtual machines, and information available through the built-in Spotlight search facility. This project contributes to the reduction of crime laboratory backlogs in processing computer evidence by greatly reducing the time necessary to forensically examine a Macintosh machine.