

MAC OS X
Cheetah, Puma, Jaguar and Panther were still on the Motorola CISC Architecture - but the kernel is now on a modified BSD Unix platform (Darwin).

MAC FORENSICS HFS+
It is now the preferred file system on Mac OS X.
It only journals metadata, but this is very useful for recovery (first introduced with MacServer for recovery).
It supports journaling, quotas, byte-range locking, Finder information in metadata, multiple encodings, hard and symbolic links, aliases, and hiding file extensions on a per-file basis.

MAC FORENSICS HFS - Hierarchical File System
Most interesting component is the Resource Fork - which allows a file to have multiple forks (normally a data and a resource fork).
Introduced the Catalog File, which replaced the flat table structure of MFS (previous).
This was much more advanced than comparable file systems like DOS's FAT at the time.

MAC CLASSIC
To conduct a forensic exam you will have to go back to:
Tech tools
Norton Unerase for Mac
Specific separate tools that conducted specific tasks

MAC CLASSIC
OS 8.0 and OS 9.0
HFS and HFS+ on Motorola CISC architecture
Significant enhancements were made throughout the upgrades on these systems - but they are very different from Windows-based systems.

WHY MAC FORENSICS?
Macs are rapidly gaining market share.
Why?
iPod and iPhone have increased interest in other Apple products
Many people now consider Vista more difficult to use than Macs.

Macintosh Forensics
A presentation by Special Agent Thomas R. Nesbitt
Federal Bureau of Investigation
With assistance from presentations prepared by John Mallory and Wayne Mitchell
