Forensically extracting file encrypted contents on OS X using HFS+ journal file
Authors
Abstract
Similar resources
HFS+: The Mac OS X File System
The Macintosh OS X operating system is built to interface with the HFS+ file system. Assuming that allocations and disk I/O can be detected by monitoring the internal clock and noting any significant slowdown, we attempted to discover block size, any effects of prefetching, the file cache size, and the number of direct pointers in the HFS+ inode. Our tests were met with unfortunate amounts of n...
On Achieving Encrypted File Recovery
As digital devices become more prevalent in our society, evidence relating to crimes will be more frequently found on digital devices. Computer forensics is becoming a vital tool required by law enforcement for providing data recovery of key evidence. File carving is a powerful approach for recovering data especially when file system metadata information is unavailable. Many file carving approa...
HFS: A Flexible File System for large-scale
The Hurricane File System (HFS) is a new file system being developed for large-scale shared memory multiprocessors with distributed disks. The main goal of this file system is scalability; that is, the file system is designed to handle demands that are expected to grow linearly with the number of processors in the system. To achieve this goal, HFS is designed using a new structuring technique called...
Acquiring OS X File Handles Through Forensic Memory Analysis
Memory analysis has become a critical capability in digital forensics because it provides insight into system state that cannot be fully represented through traditional media analysis. The volafox open source project has begun the work of structured memory analysis for OS X with support for a limited set of kernel structures. This paper addresses one memory analysis deficiency on OS X with the ...
File System Journal Forensics
Journaling is a relatively new feature of modern file systems that is not yet exploited by most digital forensic tools. A file system journal caches data to be written to the file system to ensure that it is not lost in the event of a power loss or system malfunction. Analysis of journal data can identify which files were overwritten recently. Indeed, under the right circumstances, analyzing a ...
Journal
Journal title: Digital Investigation
Year: 2016
ISSN: 1742-2876
DOI: 10.1016/j.diin.2016.04.014