Title
Mac Os X Forensics
Keywords
Mac OS X forensics; Macintosh computers
Abstract
This paper describes procedures for conducting forensic examinations of Apple Macs running Mac OS X. The target disk mode is used to create a forensic duplicate of a Mac hard drive and preview it. Procedures are discussed for recovering evidence from allocated space, unallocated space, slack space and virtual memory. Furthermore, procedures are described for recovering trace evidence from Mac OS X default email, web browser and instant messaging applications, as well as evidence pertaining to commands executed from a terminal. © 2006 Springer-Verlag US.
Publication Date
12-1-2006
Publication Title
IFIP Advances in Information and Communication Technology
Volume
222
Number of Pages
159-170
Document Type
Article; Proceedings Paper
Personal Identifier
scopus
DOI Link
https://doi.org/10.1007/978-0-387-36891-7-13
Copyright Status
Unknown
Socpus ID
34047209313 (Scopus)
Source API URL
https://api.elsevier.com/content/abstract/scopus_id/34047209313
STARS Citation
Craiger, Philip and Burke, Paul, "Mac Os X Forensics" (2006). Scopus Export 2000s. 8098.
https://stars.library.ucf.edu/scopus2000/8098