Inside the Core
The Macintosh Forensic Podcast


Follow Us

Categories

general
podcasts

Archives

2011
November
June

2010
December
July
June
March

2009
December
November
October
August
July
June
May

May 2009
S M T W T F S
     
          1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
31

Syndication

iTunes Enhanced Mp3 Version

Disclaimer:
The Inside the Core podcast is provided for entertainment only. Any information, techniques, software or equipment that is discussed should be researched, tested and validated prior to use. This podcast is not a substitute for specialized training that is required for computer forensics. The topics of discussion and/or opinions are those of the host(s) and do not reflect the views of the hosts employers or former employers. Discussion of content, goods, or services provided by outside entities does not imply endorsement. Nothing in the podcast should be construed as an offer, solicitation or recommendation to buy or sell any specific products or training.

Inside the Core Episode 1 Well, we finally got Episode 1 uploaded! We had some minor problems with sound quality, hopefully we will get those cleared up for the next episode.

You can send any comments or questions to:
Click here to send The MacDudes an e-mail


Episode 1 Show Notes (Download at: Show Notes)

Single User Mode:

GOLDEN RULE: Use OPTION key to boot first and confirm no Firmware Password

-If Firmware Password in use, power off.
(Firmware Password Options will be covered in a later podcast)

-Single User Mode can be used to find Date/Time of the system without making
changes

-After OPTION key boot and confirmation of no firmware password

-REBOOT holding OPTION + ʻSʼ Key to boot into Single User Mode

-Will be similar to a Verbose boot

-After boot stops, type “Date” at cursor and date and time will be displayed.

-To find the make & model of the installed hard drive, look for the line that starts with "Got Boot Device"

-Can also run System Profiler to access information about the system

Training:

Forward Discovery:
-Non-Tool Specific Mac Forensics Survival Course
-Teaches how to do Mac Forensics using Mac
-Basic and Advanced Courses being offered Internationally

BlackBag Technologies:
-Offers both training for non-tool and Blackbag Tool Training
-Suite of Proprietary tools for using a Mac to do Mac Forensics
-Beginner, Intermediate, and Advanced Courses

SubRosaSoft:
-Also offers tool specific training
-MacForensicsLab:Proprietary software

Purdue University: (Law Enforcement Only):
-3 day class
-Traveling Class and at the University
-Beginning and Advanced Course

Apple:
-Several certifications:
-Apple Certified Support Professional (ACSP)
-Apple Certified Technical Coordinator (ACTC)
-Apple Certified System Administrator (ACSA)
-Range of Apple Software Pro Certifications as well


Plist of the Week(PLOW):

This weekʼs PLOW is: com.apple.ipod.plist

1.It is located in both Global and User: Library --> Preferences

2.Contains information about all IPod/IPhone devices connected to system.

3.Includes (not comprehensive):
  a.UUID: Unique ID for the Device
  b.Connected: Last Connected Date/Time
  c. Device Class: IPod/IPhone
  d.Firmware Version
  e.Serial Number
  f. IMEI (IPhone)
  g.Use Count

Direct download: Inside_the_Core_Episode_1.m4a
Category:podcasts -- posted at: 3:05pm PST

TechSmith offers Snagit for Free TechSmith is offering Snagit for free until June 5, 2009. It is normally $49.95. This is a Windows based program that allows you to create screen captures. It is easy to use and a great program.

http://tiny.cc/Free_SnagIt

Thanks to Beth for the info!

If you have any tips you would like to share, let us know at:

coreforensics@gmail.com

The Macdudes

Category:general -- posted at: 12:54pm PST

Upcoming Episode 1 We are currently working on Episode 1 and hope to have it uploaded within the week. Check back here or at the iTunes Store.

In Episode 1 we will be covering:

Single User Mode

How to get the date and time on a Mac

Macintosh Forensic Training

We will also have our regular feature, The Plist of the Week.

If you have any comments, questions or a topic you would like covered, you can email us at, coreforensics@gmail.com

Thanks
The MacDudes
Category:general -- posted at: 5:00am PST

Inside the Core Introduction Welcome to Inside the Core, the Macintosh & Apple Device Forensics podcast.

Today is a short introduction into what Inside the Core is all about. We will cover Mac specific resources and the Plist of the Week.

Resources

The Mac OS X Forensics website
www.macosxforensics.com

The Mac OS Forensics Yahoo Group
tech.groups.yahoo/group/macos_forensics

Tips & Tricks at the MacForensicLabs website
www.macforensicslab.com

Plist of the Week

com.apple.preferences.account.plist

This plist is located in the Local Library (/Library/Preferences) and holds information pertaining to deleted user accounts. These user accounts can be totally deleted from the system or archived by the administrator.

To see if the user accounts were archived, look in the Users folder for the Deleted Users subfolder (/Users/Deleted Users/). User accounts that have been archived will be in a disk image (DMG) format or if it was FileVaulted, a sparsebundle image.


Direct download: Inside_the_Core_Intro.m4a
Category:podcasts -- posted at: 8:31am PST