Mac OS X Forensics
Never give up, the answer is right in front of you...
-
Our Sponsors
-
Custom Search
Latest
News! 
(updated June 25, 2009)
The Store is Open!
(you support this site by shopping thru our store)
Announcements
New Macintosh Forensic Tools
See all of the recommended tools on the Mac Forensics Tools and Resources pages.
Forums
(updated June 25, 2009)
The Store is Open!
(you support this site by shopping thru our store)
- Check out the new apparel, hats, bags, and accessories! With our new partnership with LOFCE, quality items will be added all of the time.
- Our Amazon Store items are always being updated with items we think you might be using.
Announcements
- Kroll OnTrack - We are excited to announce that we have become an Authorized Partner with Kroll OnTrack. Thru our partnership, you can get free evaluations of your data recovery requests and price quotes. Kroll OnTrack is Apple Authorized for data recovery for single hard drives thru XSAN technology.
- Reading Resources - added a new section to the resources available. These are papers that have been written by others related to Mac OS X. Please submit your suggestions for this section.
- Mac Marshal - we have reviewed Mac Marshal 1.0.3 and its many capabilities for Macintosh based examinations
- Apple Technical Docs - added a page that has useful links to Apple’s Technical Documents, Software downloads, and Server resources
- Book Review - Mac OS X , iPod, and iPhone Forensic Analysis DVD Toolkit gets reviewed by Gary Kessler, Associate Professor and Program Director at Champlain College in Burlington, VT.
- Inside the Core - We are now offering a Podcast with Macintosh forensic advice. We look forward to your feedback!
- “The Future of Cyber Forensics”, a white paper by Dr. Marc Rogers about the Macintosh and its importance in digital forensics
- Property List Files - a web page explaining how the PLIST file can be important to your analysis
- Vulnerability Assessment and Macintosh Forensics, a new page discussing vulnerability scanning with the tool Nessus from Tenable Network Security.
- Airport Extreme Base Station and Time Capsule, the new 7.4.1 firmware offers some very interesting new features for digital forensics. Take a look at the Technologies section for our overview of what Apple has just introduced.
- Print Spool (CUPS), a look at the printing history kept on the Macintosh
- Passwords Part 2, a follow-up to the analysis of the shadow file used with Leopard, Mac OS X 10.5 systems. Thank you Earl D. Fife for your contribution.
New Macintosh Forensic Tools
- Emailchemy 9.8.8 - Emailchemy is an invaluable tool in email collection, recovery, as well as advanced tools
- Sun VirtualBox, a free virtual machine application for the Macintosh (UNIX, Windows, and Linux too). This app will NOT virtualize Mac OS X Server like Parallels and VMware.
- VMWare vCenter Converter, a new free product from VMWare that allows you to convert physical Windows and Linux machines as well as images to other formats into virtual machines.
- crowbarKC, a free utility to dictionary attack a Keychain file by George Starcher.
- crowbarDMG, a free utility to dictionary attack DMG, sparseimage, and sparsebundle file types by George Starcher.
- Mac Marshal is a new application that will analyze Mac OS X file system images. It has capabilities of finding virtual machines, Windows installations, parsing internet history, email, FileVault decryption, and many more. The application is FREE to all law enforcement and can be purchased by everyone else thru Architecture Technology Corporation.
See all of the recommended tools on the Mac Forensics Tools and Resources pages.
Forums
- The Forums are open and have been a huge success. Join us in the newly expanded topics.