Mac OS X, iPod, and iPhone Forensic Analysis DVD Toolkit
By- Jesse Varsalone, Jesse Varsalone is a Cisco Certified Academy Instructor and holds the CCNA certification. Jesse is also a CISSP, MCT, MCSE, and currently works as a Computer Forensics Senior Professional.
This book and companion DVD provide digital forensic investigators, security professionals, and law enforcement with all of the information, tools, and utilities required to conduct forensic investigations of computers running any variant of the Macintosh OS X operating system, as well as the almost ubiquitous iPod and iPhone. Digital forensic investigators and security professionals subsequently can use data gathered from these devices to aid in the prosecution of criminal cases, litigate civil cases, audit adherence to federal regulatory compliance issues, and identify breech of corporate and government usage policies on networks. The companion DVD contains custom tools developed by the authors, which can be used in real-life digital forensic investigations.MAC Disks, Partitioning, and HFS+ File System Manage multiple partitions on a disk, and understand how the operating system stores data.FileVault and Time Machine Decrypt locked FileVault files and restore files backed up with Leopard's Time Machine.Recovering Browser History Uncover traces of Web-surfing activity in Safari with Web cache and .plist filesRecovering Email Artifacts, iChat, and Other Chat Logs Expose communications data in iChat, Address Book, Apple's Mail, MobileMe, and Web-based email.Locating and Recovering Photos Use iPhoto, Spotlight, and shadow files to find artifacts pof photos (e.g., thumbnails) when the originals no longer exist.Finding and Recovering QuickTime Movies and Other Video Understand video file formats--created with iSight, iMovie, or another application--and how to find them.PDF, Word, and Other Document Recovery Recover text documents and metadata with Microsoft Office, OpenOffice, Entourage, Adobe PDF, or other formats.Forensic Acquisition and Analysis of an iPod Documentseizure of an iPod model and analyze the iPod image file and artifacts on a Mac.Forensic Acquisition and Analysis of an iPhone Acquire a physical image of an iPhone or iPod Touch and safely analyze without jailbreaking.
Audience
Digital forensic investigators and security professionals.
Paperback, 576 Pages
Published: December 2008
Imprint: Syngress
ISBN: 978-1-59749-297-3
Contents
- Chapter 1 Tiger and Leopard Mac OS X Operating SystemsChapter 2 Getting a Handle on Mac HardwareChapter 3 Mac Disks and PartitioningChapter 4 HFS Plus File SystemChapter 5 FileVaultChapter 6 Time MachineChapter 7 Acquiring Forensic ImagesChapter 8 Recovering Browser HistoryChapter 9 Recovery of E-mail Artifacts, iChat, and Other Chat LogsChapter 10 Locating and Recovering PhotosChapter 11 Finding and Recovering Quicktime Movies and other VideoChapter 12 Recovering PDFs, Word Files, and Other DocumentsChapter 13 Forensic Acquisition of an iPodChapter 14 iPod ForensicsChapter 15 Forensic Acquisition of an iPhoneChapter 16 iPhone ForensicsAppendix A Using Boot Camp, Parallels, and VMware Fusion in a MAC EnvironmentAppendix B Capturing Volatile Data on a Mac
