This book and companion DVD provide digital forensic investigators, security professionals, and law enforcement with all of the information, tools, and utilities required to conduct forensic investigations of computers running any variant of the Macintosh OS X operating system, as well as the almost ubiquitous iPod and iPhone. Digital forensic investigators and security professionals subsequently can use data gathered from these devices to aid in the prosecution of criminal cases, litigate civil cases, audit adherence to federal regulatory compliance issues, and identify breech of corporate and government usage policies on networks. The companion DVD contains custom tools developed by the authors, which can be used in real-life digital forensic investigations. MAC Disks, Partitioning, and HFS+ File System Manage multiple partitions on a disk, and understand how the operating system stores data. FileVault and Time Machine Decrypt locked FileVault files and restore files backed up with Leopard's Time Machine. Recovering Browser History Uncover traces of Web-surfing activity in Safari with Web cache and .plist files Recovering Email Artifacts, iChat, and Other Chat Logs Expose communications data in iChat, Address Book, Apple's Mail, MobileMe, and Web-based email. Locating and Recovering Photos Use iPhoto, Spotlight, and shadow files to find artifacts pof photos (e.g., thumbnails) when the originals no longer exist. Finding and Recovering QuickTime Movies and Other Video Understand video file formats--created with iSight, iMovie, or another application--and how to find them. PDF, Word, and Other Document Recovery Recover text documents and metadata with Microsoft Office, OpenOffice, Entourage, Adobe PDF, or other formats. Forens

Key Features

* Companion DVD Contains Custom Materials )Movies, Spreadsheet, Code, Utilities, Etc.) That Can Be Used in a Real Digital Forensic Investigation * Includes Unique Information about Mac OS X, iPod, iMac, and iPhone Forensic Analysis Unavailable Anywhere Else * Authors Are Pioneering Researchers in the Field of Macintosh Forensics, with Combined Experience in Law Enforcement, Military, and Corporate Forensics


Digital forensic investigators and security professionals.

Table of Contents

Chapter 1 Tiger and Leopard Mac OS X Operating Systems Chapter 2 Getting a Handle on Mac Hardware Chapter 3 Mac Disks and Partitioning Chapter 4 HFS Plus File System Chapter 5 FileVault Chapter 6 Time Machine Chapter 7 Acquiring Forensic Images Chapter 8 Recovering Browser History Chapter 9 Recovery of E-mail Artifacts, iChat, and Other Chat Logs Chapter 10 Locating and Recovering Photos Chapter 11 Finding and Recovering Quicktime Movies and other Video Chapter 12 Recovering PDFs, Word Files, and Other Documents Chapter 13 Forensic Acquisition of an iPod Chapter 14 iPod Forensics Chapter 15 Forensic Acquisition of an iPhone Chapter 16 iPhone Forensics Appendix A Using Boot Camp, Parallels, and VMware Fusion in a MAC Environment Appendix B Capturing Volatile Data on a Mac


No. of pages:
© 2009
Print ISBN:
Electronic ISBN:

About the author

Jesse Varsalone

Jesse Varsalone is a Cisco Certified Academy Instructor and holds the CCNA certification. Jesse is also a CISSP, MCT, MCSE, and currently works as a Computer Forensics Senior Professional.