Open Access. Powered by Scholars. Published by Universities.®
Forensic Science and Technology Commons™
Open Access. Powered by Scholars. Published by Universities.®
Articles 1 - 1 of 1
Full-Text Articles in Forensic Science and Technology
Mac Os X Forensics, Philip Craiger, Paul Burke
Mac Os X Forensics, Philip Craiger, Paul Burke
J. Philip Craiger, Ph.D.
This paper describes procedures for conducting forensic examinations of Apple Macs running Mac OS X. The target disk mode is used to create a forensic duplicate of a Mac hard drive and preview it. Procedures are discussed for recovering evidence from allocated space, unallocated space, slack space and virtual memory. Furthermore, procedures are described for recovering trace evidence from Mac OS X default email, web browser and instant messaging applications, as well as evidence pertaining to commands executed from a terminal.