Security Basics mailing list archives

Re: Mac Forensics

From: xyberpix <xyberpix () xyberpix com>
Date: Sun, 23 Apr 2006 14:01:06 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Also bear in mind that if FileVault was turned on, everything in theUser's home directory will be AES encrypted, so you will need theusername and password to get around this.


xyberpix

Blog: http://blogs.securiteam.com



On 21 Apr 2006, at 20:20, Christopher Carpenter wrote:

I believe EnCase (http://www.guidancesoftware.com/) will handle Mac
partitions and data recovery.

Keep in mind that if the data was overwritten, it will be much more
difficult to recover.

Chris

-----Original Message-----
From: Even [mailto:fluxster () gmail com]
Sent: Friday, April 21, 2006 9:20 AM
To: security-basics () securityfocus com
Subject: Mac Forensics

Hi list,
I'm after some pointers on recovering the browsing history from a mac,
the history has been wiped so will need to be undeleted. I know how i
would go about this on a windows pc but have never done it on a mac
before.
All help advice would be great. I know a proxie/transparent cache
 would stop me needing to do this but it's for a computer form another
company.
Thanks
 E

-------------------------------------------------------------------------

This List Sponsored by: Webroot

Don't leave your confidential company and customer records un-protected.

Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no
obligation. See why so many companies trust Spy Sweeper Enterprise to
eradicate spyware from their networks.
FREE 30-Day Trial of Spy Sweeper Enterprise

http://www.webroot.com/forms/enterprise_lead.php

--------------------------------------------------------------------------


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)

iD8DBQFES3qS2VKEoIQBZwkRArE1AJ9I+Ot4+9x1+xcdh/Col4Bz5uB3dACglGQ4
nRr7faISjtWjLkGabP5wgo4=
=3IYc
-----END PGP SIGNATURE-----

-------------------------------------------------------------------------
This List Sponsored by: Webroot

Don't leave your confidential company and customer records un-protected.Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with noobligation. See why so many companies trust Spy Sweeper Enterprise toeradicate spyware from their networks.

FREE 30-Day Trial of Spy Sweeper Enterprise

http://www.webroot.com/forms/enterprise_lead.php
--------------------------------------------------------------------------

Current thread:

Mac Forensics Even (Apr 21)
- <Possible follow-ups>
- Re: Mac Forensics heywoodjabuzzoff (Apr 21)
- RE: Mac Forensics Christopher Carpenter (Apr 21)
  - Re: Mac Forensics xyberpix (Apr 24)
- Re: RE: Mac Forensics anonymous (Apr 24)