Security Basics mailing list archives
Re: Mac Forensics
From: xyberpix <xyberpix () xyberpix com>
Date: Sun, 23 Apr 2006 14:01:06 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1Also bear in mind that if FileVault was turned on, everything in the User's home directory will be AES encrypted, so you will need the username and password to get around this.
xyberpix Blog: http://blogs.securiteam.com On 21 Apr 2006, at 20:20, Christopher Carpenter wrote:
I believe EnCase (http://www.guidancesoftware.com/) will handle Mac partitions and data recovery. Keep in mind that if the data was overwritten, it will be much more difficult to recover. Chris -----Original Message----- From: Even [mailto:fluxster () gmail com] Sent: Friday, April 21, 2006 9:20 AM To: security-basics () securityfocus com Subject: Mac Forensics Hi list, I'm after some pointers on recovering the browsing history from a mac, the history has been wiped so will need to be undeleted. I know how i would go about this on a windows pc but have never done it on a mac before. All help advice would be great. I know a proxie/transparent cache would stop me needing to do this but it's for a computer form another company. Thanks E---------------------------------------------------------------------- ---This List Sponsored by: WebrootDon't leave your confidential company and customer records un- protected.Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no obligation. See why so many companies trust Spy Sweeper Enterprise to eradicate spyware from their networks. FREE 30-Day Trial of Spy Sweeper Enterprise http://www.webroot.com/forms/enterprise_lead.php---------------------------------------------------------------------- ----
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (Darwin) iD8DBQFES3qS2VKEoIQBZwkRArE1AJ9I+Ot4+9x1+xcdh/Col4Bz5uB3dACglGQ4 nRr7faISjtWjLkGabP5wgo4= =3IYc -----END PGP SIGNATURE----- ------------------------------------------------------------------------- This List Sponsored by: WebrootDon't leave your confidential company and customer records un-protected. Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no obligation. See why so many companies trust Spy Sweeper Enterprise to eradicate spyware from their networks.
FREE 30-Day Trial of Spy Sweeper Enterprise http://www.webroot.com/forms/enterprise_lead.php --------------------------------------------------------------------------
Current thread:
- Mac Forensics Even (Apr 21)
- <Possible follow-ups>
- Re: Mac Forensics heywoodjabuzzoff (Apr 21)
- RE: Mac Forensics Christopher Carpenter (Apr 21)
- Re: Mac Forensics xyberpix (Apr 24)
- Re: RE: Mac Forensics anonymous (Apr 24)