Mac OS X, iPod, and iPhone Forensic Analysis DVD Toolkit, 1st Edition

Key Features

* Companion DVD Contains Custom Materials )Movies, Spreadsheet, Code, Utilities, Etc.) That Can Be Used in a Real Digital Forensic Investigation
* Includes Unique Information about Mac OS X, iPod, iMac, and iPhone Forensic Analysis Unavailable Anywhere Else
* Authors Are Pioneering Researchers in the Field of Macintosh Forensics, with Combined Experience in Law Enforcement, Military, and Corporate Forensics

Description

This book and companion DVD provide digital forensic investigators, security professionals, and law enforcement with all of the information, tools, and utilities required to conduct forensic investigations of computers running any variant of the Macintosh OS X operating system, as well as the almost ubiquitous iPod and iPhone. Digital forensic investigators and security professionals subsequently can use data gathered from these devices to aid in the prosecution of criminal cases, litigate civil cases, audit adherence to federal regulatory compliance issues, and identify breech of corporate and government usage policies on networks. The companion DVD contains custom tools developed by the authors, which can be used in real-life digital forensic investigations.

MAC Disks, Partitioning, and HFS+ File System Manage multiple partitions on a disk, and understand how the operating system stores data.
FileVault and Time Machine Decrypt locked FileVault files and restore files backed up with Leopard's Time Machine.
Recovering Browser History Uncover traces of Web-surfing activity in Safari with Web cache and .plist files
Recovering Email Artifacts, iChat, and Other Chat Logs Expose communications data in iChat, Address Book, Apple's Mail, MobileMe, and Web-based email.
Locating and Recovering Photos Use iPhoto, Spotlight, and shadow files to find artifacts pof photos (e.g., thumbnails) when the originals no longer exist.
Finding and Recovering QuickTime Movies and Other Video Understand video file formats--created with iSight, iMovie, or another application--and how to find them.
PDF, Word, and Other Document Recovery Recover text documents and metadata with Microsoft Office, OpenOffice, Entourage, Adobe PDF, or other formats.
Forensic Acquisition and Analysis of an iPod Documentseizure of an iPod model and analyze the iPod image file and artifacts on a Mac.
Forensic Acquisition and Analysis of an iPhone Acquire a physical image of an iPhone or iPod Touch and safely analyze without jailbreaking.

Readership

Digital forensic investigators and security professionals.

Mac OS X, iPod, and iPhone Forensic Analysis DVD Toolkit, 1st Edition

Chapter 1 Tiger and Leopard Mac OS X Operating Systems
Chapter 2 Getting a Handle on Mac Hardware
Chapter 3 Mac Disks and Partitioning
Chapter 4 HFS Plus File System
Chapter 5 FileVault
Chapter 6 Time Machine
Chapter 7 Acquiring Forensic Images
Chapter 8 Recovering Browser History
Chapter 9 Recovery of E-mail Artifacts, iChat, and Other Chat Logs
Chapter 10 Locating and Recovering Photos
Chapter 11 Finding and Recovering Quicktime Movies and other Video
Chapter 12 Recovering PDFs, Word Files, and Other Documents
Chapter 13 Forensic Acquisition of an iPod
Chapter 14 iPod Forensics
Chapter 15 Forensic Acquisition of an iPhone
Chapter 16 iPhone Forensics
Appendix A Using Boot Camp, Parallels, and VMware Fusion in a MAC Environment
Appendix B Capturing Volatile Data on a Mac