Mac Marshal -
Architecture Technology Corporation
(continued)
Mac Marshal - Operating System analysis
Once the initial Disk Triage has been performed, it is time
to examine the installed operating system. Mac Marshal is
able to gather the following from any Mac OS X installation:
- Disk Triage - includes user account examination and operating system information
- iTunes/iPod - lists previously connected iPods and iPhones
- Mail - analyzes each user's email, allowing for reading and saving
- Recent Items - shows recent activity of each user
- QuickTime Player - shows history of QuickTime Player usage
- Safari Cache and Safari - examines Safari browser usage
- Preview - shows history of Preview application usage
- Address Book - analyzes each user's Address Book, allowing for reading and saving
- iChat - analyzes iChat history
While we are not going to go in depth on any one of these
tabs, I would like to point out that each function is a
simple point-and-click operation that returns its results.
Mac Marshal has been very well programmed to gather the data
for each tab from the appropriate locations, allowing the
analyst to save well-crafted reports.
As you can likely gather from this very brief review of Mac
Marshal, the application offers some very powerful features
and a simplicity not found in other tools. This application
should not be confused with a full-fledged analysis suite or
suite of tools. Although the results of a Mac Marshal
analysis can come very close to what many cases or
investigations may need for evidence, there is still much
more data available on any media that should be looked at
before reaching a final conclusion. Also, Mac Marshal is not
an analysis tool for Windows, Linux or any other operating
system. Although it can recognize that a secondary partition
has an operating system installed, it does not supply any
other data.
Mac Marshal is a tool that any analyst should have as part
of their collection of applications. The data it can gather
in any Mac-based case is invaluable, and the price is
outstanding. It is free for law enforcement; others should
contact ATC for more information.
Architecture Technology Corporation
www.MacMarshal.com
Sponsored Advertisement