Mac OS X Forensics/ Mac OS x and iOS Handoff
Start up/Recap
At the start of this new semester we decided to take a fresh look at two projects and merge them: the Mac OSX Forensics (default artifact locations), and the Mac OS and iOS Handoff Connection. Now that our team is familiar with Mac OS and how to generate data and log it for analysis, we want to start fresh with some new methods to make the projects run more smoothly. Instead of using and holding up multiple Mac computers, we decided to use Mac VMs (Virtual Machines) to streamline the process of data gen and analysis.
iOS Handoff Recap:
This feature was introduced with the release of iOS 8. A Mac running OS X Yosemite can transfer what you are doing on your phone to your computer or vice versa, so that you can continue your work across devices. You are able to send text messages and make phone calls from your phone through your Mac. We want to be able to see what artifacts get left behind on both the Mac and the iPhone during this.
Mac OS X Forensics Recap:
Not everyone has experience with every operating system; most people stick with either Windows or Mac. This is why we want to create a comprehensive report on Mac OSX forensics to help forensic examiners with scarce experience working with Macintosh Computers. This report will show a lot of default locations for artifacts for law enforcement or fellow examiners to refer to if they do not know where to look. We are generating data on a Mac VM and then viewing it in a forensic program.