Tue, 9 June 2009
Episode 2 is uploaded! The sound quality is a bit better but still working on that. In this episode we cover: Defeating the Open Firmware password, Mobile Forensics World's iPhone Forensics panel discussion, the Plist of the Week and a few Mac websites.
You can send any comments or questions to:
Click here to send The MacDudes an e-mail
Episode 1 Show Notes (Download at: Show Notes)
GOLDEN RULE: Use OPTION key to boot first and confirm no Firmware Password
OFP: Prevents any startup option other than "option" or "startup disk".
If OFP is active and you attempt an alternative boot sequence, the system will default to the normal “Startup Disk” and writes may be made.
-Don't want to make writes....
1. Boot with option key to confirm Open Firmware Password exists
2. To get around:
   A. Pull hard drive and image via write block (24 screws or less)
   B. Reconfigure the RAM:
      1) Shut down
      2) Disconnect power (if laptop remove battery)
      3) Remove stick or add stick of RAM to reconfigure
      4) Close up, connect battery/power
      5) Command+Option+P+R key all at once "Vulcan Death Grip"
      6) Listen for 3 Chimes-Indicates reset
      7) Restart and use Option key to check
NOTE: Time will be reset. The clock will possibly be off.
Logs may be important.
Mobile Forensics World iPhone Forensics Panel
-Ryan Kubasiak: Macosxforensics.com
-Jonathan Zdziarski: iPhone Forensics author
-Sean Morrissey: Dept. of Defense
-Andrew Hoag: Moderator
-Took questions from audience after moderated question session.
Different ways to get data:
Wolf: Good for an unlocked phone; can also be used if you unlock the phone.
Raw Disk info: Jonathan Zdziarski and Sean Morrissey
-Concerns as to what is being changed in the data
Don't forget about the iPhone backups on the Mac: a wealth of information
PList(s) of the Week(PLOW):
Plist: Registry-like files, but corruption of one file doesn't corrupt the entire system.
Global: Library--> Preferences--> com.apple.quicktime.plist
-Shows Registered User and Registered Key
-Can indicate the key for verification of legal software
iWork (Mac Office Suite):
Websites to Check Out:
Mac Shadows: www.macshadows.com