Difference between revisions of "Mac forensics"

From Simson Garfinkel
Jump to navigationJump to search
m
Line 4: Line 4:
* [https://www.blackbagtech.com/resources/mac-forensics.html BlacBag Technologies] site.
* [https://www.blackbagtech.com/resources/mac-forensics.html BlacBag Technologies] site.
* [https://groups.yahoo.com/neo/groups/macos_forensics/info Mac Forensics Yahoo Group]
* [https://groups.yahoo.com/neo/groups/macos_forensics/info Mac Forensics Yahoo Group]
* [https://www.blackbagtech.com/blog/2014/11/13/imaging-a-filevault-2-encrypted-volume-using-macquisition-2/ Imaging a FileVault 2-Encrypted Volume using Macquisition]
* [https://www.blackbagtech.com/blog/2015/04/08/imaging-a-fusion-drive-with-filevault-2-encryption-using-macquisition/ Imaging a Fusion Drive with FileVault 2 Encryption using Macquisition]
* [https://www.forensicswiki.org/wiki/Mac_OS_X Mac OS X on Forensics Wiki]


==Apple's Resources==
==Apple's Resources==
Line 25: Line 30:
==Archives==
==Archives==
* [https://link.springer.com/chapter/10.1007/0-387-36891-4_13 MacOS X Forensics], Philip Craiger and Paul Burke, IFIP, DigitalForensics 2006, Advances in Digital Forensics II
* [https://link.springer.com/chapter/10.1007/0-387-36891-4_13 MacOS X Forensics], Philip Craiger and Paul Burke, IFIP, DigitalForensics 2006, Advances in Digital Forensics II
==Course Ideas==
* Cracking FileVault2 with JohnTheRipper
* The Diskutil command

Revision as of 07:54, 3 November 2018

Notes on Mac Forensics.

On the Web


Apple's Resources

Drive Image Tools

Forensics Programs

Terminal Hacks

Is FV2 running? 

   fdsetup status

People

Ryan Kubasiak, previously ran http://www.macosxforensics.com/, now on the digital crimes team at Apple

Archives

  • MacOS X Forensics, Philip Craiger and Paul Burke, IFIP, DigitalForensics 2006, Advances in Digital Forensics II


Course Ideas

  • Cracking FileVault2 with JohnTheRipper
  • The Diskutil command
Retrieved from "https://simson.net/wiki/index.php?title=Mac_forensics&oldid=1971"