Mac forensics

From Simson Garfinkel

Notes on Mac Forensics.

On the Web

Apple's Resources

Other curricula

Drive Image Tools

Forensics Programs

Terminal Hacks

Is FV2 running?

   fdesetup status


Ryan Kubasiak, previously ran, now on the digital crimes team at Apple


  • MacOS X Forensics, Philip Craiger and Paul Burke, IFIP, DigitalForensics 2006, Advances in Digital Forensics II

Course Ideas

  • Cracking FileVault2 with JohnTheRipper
  • The Diskutil command

Live system monitoring

File system monitoring

Watchdog is the common cross-platform interface for writing Python programs that monitor the file system. (DOCS)
