This article examines several forensic analysis tools for popular computer operating systems.
Computer forensic tools for Apple Mac hardware have traditionally focused on low-level file system details. Mac OS X and common applications on the Mac platform provide an abundance of information about the user's activities in configuration files, caches, and logs. The authors are developing MEGA, an extensible tool suite for the analysis of files on Mac OS X disk images. MEGA provides simple access to Spotlight metadata maintained by the operating system, yielding efficient file content search and exposing metadata such as digital camera make and model. It can also help investigators to assess FileVault encrypted home directories. MEGA support tools are under development to interpret files written by common Mac OS applications such as Safari, Mail, and iTunes.
Downloads
Similar Publications
- Proteomic genotyping: Using mass spectrometry to infer SNP genotypes in a forensic context
- Final Report: Evaluating a New Technique for Improving Eyewitness Identification
- Automated Reporting System Pilot Project: A User's Guide to the Machine-Readable Files and Documentation, Codebook, and Original Instrument