Note:
This awardee has received supplemental funding. This award detail page includes information about both the original award and supplemental awards.
Award Information
Description of original award (Fiscal Year 2009, $174,943)
ATC-NY has created an extensible Macintosh evidence gathering and analysis tool called Mac Marshal. Developed in collaboration with law enforcement and Architecture Technology Corporation, Mac Marshal gathers Mac OS X specific information that is largely ignored by existing tools, such as configuration, log, and cache data written by the operating system (OS), other OSs present via dual boot or virtual machines, and information available through the built-in Spotlight search facility.
Mac Marshal speeds up investigative analysis of Macintosh computers by applying established tools and techniques, in a forensically sound manner, to consistently gather and present usage information about a suspect Macintosh'including evidence that may be overlooked by examiners not familiar with the intricacies of Mac OS X, and evidence that is time-consuming to extract by hand. With computer crime labs seeing upwards of 10% of their investigations involving Macs, and having few trained Mac experts on hand, Mac Marshal can make a significant impact in reducing law enforcement case backlogs.
This project will will extend Mac Marshal, from small enhancements driven by law enforcement feedback to major new capabilities, such as the ability to extract data from an iPhone and to conduct forensic investigations on live, running systems, gathering volatile data from systems for later analysis.
ca/ncf