19.7. Summary

In this chapter we took a cursory look at the delicate art of forensics. We also looked heavily at using MacForensicsLab to perform the acquisition and analysis of a drive, but we wouldn't want to take anything away from the many other solutions out there. They are almost all fantastic. What software cannot do is parse through every single file and folder and return all of the relevant data. This could be because a date is stored in some kind of encoded format, or because it's in an image. Manual analysis of the acquired data will net a far more accurate account of events when it is done by a well-trained forensics analyst.

Use this chapter as a reference to perform front-line forensics analysis or as a reference ...
