Mac Forensics

DFSP # 045 – RUN DMA

By |December 27th, 2016|Mac Forensics, Podcast, SDF Series|

Direct Memory Access for Bypassing Passwords This week I talk DMA (direct memory access) exploits as a technique to bypass passwords of a live system to conduct imaging - with legal authority of course. Show Notes DMA as a Forensic Helper Direct Memory Access (DMA) exploitation works over [...]

DFSP # 043 – Imaging a Mac: Survival Tips

By |December 13th, 2016|Mac Forensics, Podcast, SDF Series|

Tips for Imaging a Mac This week I go over survival tips for imaging a Mac. Show Notes Sources: Mac Fusion Drive https://en.wikipedia.org/wiki/Fusion_Drive MAC C Port http://www.macworld.com/article/2894423/thunderbolted-usb-c-is-our-new-connection-overlord-get-used-to-it.html SDF Training Class of the Week

DFSP # 040 – Mac Log Files

By |November 22nd, 2016|Mac Forensics, Podcast|

Mac Log Files This week I talk about Mac Log files that are useful for File Use & Knowledge investigations as well as Incident Response. Show Notes Further Information See Sarah Edwards' research on Mac log files at: https://digital-forensics.sans.org/summit-archives/2012/analysis-and-correlation-of-macintosh-logs.pdf Advanced Console Searching SDF [...]

DFSP # 038 – Finder Sidebar Forensics

By |November 8th, 2016|Mac Forensics, Podcast|

The FINDER SIDEBAR This week it's back to Mac forensics with a look at the Finder Sidebar and its value for File Use & Knowledge investigations. Show Notes What is the FINDER Sidebar? Finder windows have a sidebar with items users frequently access such as folders, disks, and [...]

DFSP # 036 – iCloud Forensic Evidence

By |October 25th, 2016|Mac Forensics, Podcast|

iCloud Forensics This week I break down iCloud forensic artifacts. Show Notes Forensic Value Identifying iCloud Accounts: Another source as evidence for email, messages & remote storage of files Preservation orders Identify Mobile documents Other versions of documents in iCloud and/or other devices Identify preview files of Mobile [...]

DFSP # 035 – “Recent” File Listings on a Mac

By |October 18th, 2016|Mac Forensics, Podcast|

"Recent" PLISTS This week I talk about where to find different listings of recently accessed files on a Mac as well as how to break out the data for interpretation. Show Notes Below are a few useful PLISTS that record "recently" accessed files on a Mac. Here is my usual [...]

DFSP # 034 – Forensic tools for your Mac

By |October 11th, 2016|Mac Forensics, Podcast|

Mac Forensic Tools This week I go over some of my favorite Mac tools. Show Notes Mac Forensic Tools RECON for Mac OS X - Automated Mac Forensics, RAM Imaging, Search features, Live Imaging and Timeline generation. http://www.sumuri.com/products/recon/ PALADIN - Free imaging option. Offers remote imaging feature where client [...]

DFSP # 033 – PLISTS for Mac Triage

By |October 4th, 2016|Mac Forensics, Podcast|

PLISTS to Triage This week I talk about some common PLISTS to check as part of an initial system triage. Show Notes Below are a few PLISTS I like to check during an initial triage of a system. The four PLISTS below can tell you what version of OS X you [...]

DFSP # 032 – Mac Formats, Libraries & Keychains

By |September 27th, 2016|Mac Forensics, Podcast|

Mac Formats, Libraries & Keychains This week I talk about common Mac file formats, Libraries and Keychains. Show Notes Mac Artifacts Apple Artifacts are usually these file types: PLIST: Property List file that will be either XML or a binary format. SQLite Database: SQL database. The different [...]

DFSP # 031 – Mac User Home Folder

By |September 20th, 2016|Mac Forensics, Podcast|

User Home Folder This week I talk about Mac Home Folders to give Mac Examiners an idea of how they are structured and where to look for certain artifacts. Show Notes Contents & overview of a Mac User's Home Folder Desktop: The desktop is just a directory and any user [...]