Mac Forensics Report Is Complete
In the Mac Forensics report, the team at the LCDI looked at operating systems for Macs and tried to determine what artifacts can be collected and where their default locations can be found. Then they compared two versions of the operating system: OS X Yosemite and OS X El Capitan.
Background Information
Last year the LCDI analyzed and created a list of artifact locations within OS X Yosemite. In our research we referenced a similar existing document, OS X Lion Artifacts, created by Sean Cavanaugh and published through the website Apple Examiner. Both resources helped us determine which artifacts to create in data generation and where to start looking once our data generation was completed.
Purpose and Scope
This report will support digital forensic law enforcement personnel, students, and investigators alike, serving as a guide to the default locations of forensic artifacts in both OS X Yosemite and El Capitan. This will be beneficial because it will outline where artifacts are located in the file system, allowing investigators to quickly locate them rather than conduct a lengthy search. This report will compare the default locations of artifacts between OS X Yosemite and OS X El Capitan. It will also detail the new locations in which artifacts have been found. This is valuable, as OS X works differently than Windows. OS X is, at its core, a custom version of Unix, while Windows is built on Windows NT. It will be a valid resource for those new to OS X, as well as those with experience.
To read and download the full report, follow this link.