Digital forensic on iMac

(@aleez88)
Posts: 1
New Member
Topic starter
 

My company does not use Windows because top management wants all employees using an iMac. My boss assigned me a task to do an investigation on digital forensic using iMac. Based on my research, I found that the digital forensic is only for Windows. My questions are:

1) How to do a digital forensic on iMac?

2) Does iMac have registry / event log like Windows?

3) Is there any appropriate suitable forensic tool for iMac?

Please advise. Your cooperation is greatly appreciated.

Thank you. :)

 
Posted : 25/05/2017 7:02 pm
(@dandaman_24)
Posts: 172
Estimable Member
 

You could always use a Windows VM on your Mac.

 
Posted : 25/05/2017 7:48 pm
(@deltron)
Posts: 125
Estimable Member
 

You could look through the archive of http://www.appleexaminer.com/
https://web.archive.org/web/20160303201648/http://www.appleexaminer.com:80/Resources/Resources.html

 
Posted : 25/05/2017 8:19 pm
tracedf
(@tracedf)
Posts: 169
Estimable Member
 

1) How to do a digital forensic on iMac?

That requires a book-length answer. You can find websites with lists of artifacts but if you have no experience with Mac forensics, and especially if you have no forensics experience at all, you're going to have a hard time. I started out using EnCase and really enjoyed the OS X forensics course that Guidance Software offered.

For a good collection of the artifacts available, go here: https://github.com/pstirparo/mac4n6

2) Does iMac have registry / event log like Windows?

Mac uses individual (XML format) .plist files instead.

3) Is there any appropriate suitable forensic tool for iMac?

Blacklight comes to mind although I have not used it. In the past, I've used EnCase while also doing some analysis on my Mac. Both vendors offer training on Mac Forensics but the learning curve with EnCase is probably a lot higher (it is not intuitive).

A word of warning: if you have no training in forensics, I would encourage you to outsource this for now. It's highly likely that you will miss something important and/or draw the wrong conclusions without some training/experience.

 
Posted : 25/05/2017 9:31 pm
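
Added example, not part of the thread or any poster's code: a Python sketch of examining a .plist artifact the way one would treat a registry hive, hashing the evidence bytes first and then flattening the tree into key paths. The standard-library plistlib reads both the XML form and Apple's binary encoding; the sample keys and values below are constructed for illustration.

```python
import hashlib
import plistlib
from datetime import datetime


def flatten(node, prefix=""):
    """Yield (key_path, value) pairs, walking dicts and arrays like a registry tree."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from flatten(value, f"{prefix}/{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from flatten(value, f"{prefix}[{index}]")
    else:
        yield prefix or "/", node


def examine_plist(raw: bytes) -> dict:
    """Hash the evidence bytes, note the on-disk encoding, and flatten the contents."""
    encoding = "binary" if raw.startswith(b"bplist00") else "xml"
    parsed = plistlib.loads(raw)  # auto-detects XML vs. binary
    return {
        "sha256": hashlib.sha256(raw).hexdigest(),  # record before any analysis
        "encoding": encoding,
        "values": dict(flatten(parsed)),
    }


# Constructed sample preference data (hypothetical keys, not from a real system).
SAMPLE = {
    "RecentItems": [{"Name": "report.docx", "Opened": datetime(2017, 5, 25, 19, 2)}],
    "AutoLoginUser": "examiner",
}
SAMPLE_XML = plistlib.dumps(SAMPLE, fmt=plistlib.FMT_XML)
SAMPLE_BINARY = plistlib.dumps(SAMPLE, fmt=plistlib.FMT_BINARY)

if __name__ == "__main__":
    for blob in (SAMPLE_XML, SAMPLE_BINARY):
        result = examine_plist(blob)
        print(result["encoding"], result["sha256"][:16])
        for path, value in sorted(result["values"].items()):
            print("   ", path, "=", repr(value))
```

On real evidence, read the bytes from a file on a write-blocked image or working copy and pass them to `examine_plist`, keeping the recorded hash with your notes.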
(@randomaccess)
Posts: 385
Reputable Member
 

Get trained up - either the SANS course or the Blackbag course will give you the entry point into the world of Mac forensics.

You should also get a copy of Blacklight or Recon to conduct your investigations, and Recon Imager or Macquisition to acquire the images.

 
Posted : 26/05/2017 7:47 am
MDCR
(@mdcr)
Posts: 376
Reputable Member
 

Please advise. Your cooperation is greatly appreciated.

So, your management decides what tools their staff should use? My best advice - Click here.

 
Posted : 26/05/2017 11:09 am