This article examines several forensic analysis tools for popular computer operating systems.
Computer forensic tools for Apple Mac hardware have traditionally focused on low-level file system details. Mac OS X and common applications on the Mac platform provide an abundance of information about the user's activities in configuration files, caches, and logs. The authors are developing MEGA, an extensible tool suite for the analysis of files on Mac OS X disk images. MEGA provides simple access to Spotlight metadata maintained by the operating system, yielding efficient file content search and exposing metadata such as digital camera make and model. It can also help investigators to assess FileVault encrypted home directories. MEGA support tools are under development to interpret files written by common Mac OS applications such as Safari, Mail, and iTunes.
Downloads
Similar Publications
- Forensic Reconstruction of Severely Degraded License Plates
- Utilizing Derivatizing Agents for the Differentiation of Cannabinoid isomers in Complex Food, Beverage and Personal-care Product Matrices by Ambient Ionization Mass Spectrometry
- Sex Estimation Using Metrics of the Innominate: A Test of the DSP2 Method