Mac OS X Security Part 2: The Mac Forensic Toolkit

Part 1 of Ryan Faas' security series discussed the processes behind investigating inappropriate or criminal activities using data forensics, including the importance of not contaminating evidence by acquiring and working with forensic-quality disk images of affected hard drives. This article moves from the basic methods for performing a forensic investigation under Mac OS X to profiling the various tools that are available to perform such investigative work.

Hardware Write Blockers

Write blockers are physical devices that attach to SCSI, IDE, and SATA hard drives at one end and to a computer via FireWire or USB 2.0 at the other. Similar to external drive enclosures, write blockers have one important additional feature: they prevent the computer from writing any data to the drive. As discussed in part 1 of this series, one of the principal rules of forensic investigation is to not contaminate your evidence, and simply mounting a hard drive under normal conditions with Mac OS X (and most other operating systems) will do exactly that. While there are methods to acquire a disk image or copy of a disk using Mac OS X without a write blocker, those methods are not foolproof, and it is possible to accidentally mount or modify the evidentiary drive. Write blockers ensure that you cannot contaminate the drive and offer a way to prove that fact. They range in price from around $100 to upward of $500, depending on the features included.
