This book provides digital forensic investigators, security professionals, and law enforcement with all of the information, tools, and utilities required to conduct forensic investigations of computers running any variant of the Macintosh OS X operating system, as well as the almost ubiquitous iPod and iPhone. Digital forensic investigators and security professionals subsequently can use data gathered from these devices to aid in the prosecution of criminal cases, litigate civil cases, audit adherence to federal regulatory compliance issues, and identify breech of corporate and government usage policies on networks.
MAC Disks, Partitioning, and HFS+ File System Manage multiple partitions on a disk, and understand how the operating system stores data.
FileVault and Time Machine Decrypt locked FileVault files and restore files backed up with Leopard's Time Machine.
Recovering Browser History Uncover traces of Web-surfing activity in Safari with Web cache and .plist files
Recovering Email Artifacts, iChat, and Other Chat Logs Expose communications data in iChat, Address Book, Apple's Mail, MobileMe, and Web-based email.
Locating and Recovering Photos Use iPhoto, Spotlight, and shadow files to find artifacts pof photos (e.g., thumbnails) when the originals no longer exist.
Finding and Recovering QuickTime Movies and Other Video Understand video file formats--created with iSight, iMovie, or another application--and how to find them.
PDF, Word, and Other Document Recovery Recover text documents and metadata with Microsoft Office, OpenOffice, Entourage, Adobe PDF, or other formats.
Forensic Acquisition and Analysis of an iPod Documentseizure of an iPod model and analyze the iPod image file and artifacts on a Mac.
Forensic Acquisition and Analysis of an iPhone Acquire a physical image of an iPhone or iPod Touch and safely analyze without jailbreaking.
Key Features
- Includes Unique Information about Mac OS X, iPod, iMac, and iPhone Forensic Analysis Unavailable Anywhere Else
- Authors Are Pioneering Researchers in the Field of Macintosh Forensics, with Combined Experience in Law Enforcement, Military, and Corporate Forensics
Chapter 2 Getting a Handle on Mac Hardware
Chapter 3 Mac Disks and Partitioning
Chapter 4 HFS Plus File System
Chapter 5 FileVault
Chapter 6 Time Machine
Chapter 7 Acquiring Forensic Images
Chapter 8 Recovering Browser History
Chapter 9 Recovery of E-mail Artifacts, iChat, and Other Chat Logs
Chapter 10 Locating and Recovering Photos
Chapter 11 Finding and Recovering Quicktime Movies and other Video
Chapter 12 Recovering PDFs, Word Files, and Other Documents
Chapter 13 Forensic Acquisition of an iPod
Chapter 14 iPod Forensics
Chapter 15 Forensic Acquisition of an iPhone
Chapter 16 iPhone Forensics
Appendix A Using Boot Camp, Parallels, and VMware Fusion in a MAC Environment
Appendix B Capturing Volatile Data on a Mac
9780321240699, Real Digital Forensics: Computer Security and Incident Response (Paperback) Keith J. Jones, Richard Bejtlich, Curtis W. Rose 688 pages. Addison-Wesley, December 2005. Bookscan: 3,508 units. $54.99 Trade Discount. (Book and DVD package)
0121631044; Digital Evidence and Computer Crime: Forensic Science, Computers and the Internet, $69.96, Eoghan Casey. 688 pages Elsevier Academic Press March 2004. 8,891 Units LTD, 1564 Bookscan.
