Mac Marshal™: A Tool for Mac OS X Operating System and Application Forensics
Authors
Abstract
Computer forensic tools for Apple Mac hardware have traditionally focused on low-level file system details. Mac OS X and common applications on the Mac platform provide an abundance of information about the user’s activities in configuration files, caches, and logs. We have developed Mac Marshal™, an extensible tool suite for the analysis of files on Mac OS X disk images. Mac Marshal provides simple access to Spotlight metadata maintained by the operating system, yielding efficient file content search and exposing metadata such as digital camera make and model. It can also help investigators assess FileVault encrypted home directories. Mac Marshal support modules interpret files written by common Mac OS applications such as Safari, Mail, and iTunes.
Similar resources
Mac OS X persistent evidences for forensics purposes
Computer forensics is a discipline focused on obtaining evidences that provide a clue about how, when and who did an action over an asset. This is important in the event of attacks from intruders and malware. However, no open source forensics tools have been developed to extract the Mac OS X file persistent evidences, despite recent trend of malwares and attacks on the operating system and appl...
About the Integration of Mac OS X Devices into a Centrally Managed UNIX Environment
The UNIX flavors in use today have so much in common that centralized management of UNIX systems has become almost standard. Since Mac OS X is based on BSD-UNIX it is a promising candidate for integration into a centrally managed UNIX environment. Starting from generic administration concepts, this paper develops an integrated management concept that handles fully automated installation and con...
An Evaluation of Windows-Based Computer Forensics Application Software Running on a Macintosh
The two most common computer forensics applications perform exclusively on Microsoft Windows Operating Systems, yet contemporary computer forensics examinations frequently encounter one or more of the three most common operating system environments, namely Windows, OS-X, or some form of UNIX or Linux. Additionally, government and private computer forensics laboratories frequently encounter budg...
On the Viability of Memory Forensics in Compromised Environments
Memory forensics has become a powerful tool for the detection and analysis of malicious software. It provides investigators with an impartial view of a system, exposing hidden processes, threads, and network connections, by acquiring and analyzing physical memory. Because malicious software must be at least partially resident in memory in order to execute, it cannot remove all its traces from R...