OLEG Mac OS

• Oleg Mac Os 11
• Oleg Massage Therapist

1. Oleg's characteristic features are a rather unusual face appearance, as well as a dragon tattoo on his chest. In his videos, he appears in a company with friends, with whom he drinks alcohol and dances. Got the reputation of the King of Antiglamour.
2. Global Nav Open Menu Global Nav Close Menu; Apple; Shopping Bag +.

RSS Feed for this tag 30 applications totalLast updated: Jul 26th 2016, 10:12 GMT

In 1984, Apple debuted the operating system that is now known as the 'Classic' Mac OS with its release of the original Macintosh System Software. The system, rebranded 'Mac OS' in 1996, was preinstalled on every Macintosh until 2002 and offered on Macintosh clones for a short time in the 1990s. Liy error mac os. Beachhead 2020 mac os.

Oleg Mac Os 11

We are not sure about your labs, but our receives more and more Macs for forensic examination every month. And, of course, some of the cases require us to find forensic artefacts of external USB drives connections and files copying. We know that you guys liked our last article regarding USB forensics on Windows systems, so we decided to write another hitchhiker's guide, this time about macOS USB forensics.

Let's start. In our case ex-employee brought an external USB drive and stole company's property. As that employee was involved in design, it was a bunch of AI and PSD files.

If you dealt with Macs before, you should know that you can get a lot of information from plist files, so to do macOS USB forensics, you will need a forensic tool with plists viewer. We are going to use Magnet AXIOM, but you can use a tool of your choice.

A good place to start is the Preferences folder located in //Library. It's full of plist files, but let's start from the following:

• com.apple.finder.plist

Open it with a plist viewer of you choice and look at 'RecentMoveAndCopyestinations' value.

Figure 1. https://hazardbonushomesdiceahzokgame.peatix.com. com.apple.finder.plist

Yes, we got the mount point of the external USB drive. Now we are going to use the Keyword Search feature to search for more artefacts using the mount point. In our case, we have found a few records showing the user downloaded some JPGs to the external USB drive from the Internet.

Figure 2. Evidence of files downloaded from the Internet to an external USB drive with Google Chrome Bubber bopper mac os.

During forensic examination of the user's profile folder we have found a very interesting subfolder – .wdc. Inside of it there are lots of files with extremely valuable pieces of information from a forensic point of view, especially inside the db subfolder.

For example, devices.tingo – you can see the contents of this file on figure 3.

Figure 3. devices.tingo contents

As you can see, it contains lots of extremely valuable pieces of information: drive model and serial number, its capacity, mount point, name, etc.

Looks amazing, isn't it?!

Ok, now it would be great to collect information about files copied to this external USB drive. Let's go back to the Preferences folder. In our case the most valuable plist was the following:

• com.adobe.mediabrowser.plist

This plist file contains most recently used (MRU) Illustrator and Photoshop files. And the number is not 10 or 20 as you usually see, but 500 (!). So it was a real gold mine!

Of course, you don't always need to find AI and PSD files, you may want to find DOC, XLS, etc. The Preferences folder may help you with this too. There are even some tools that can help you to automate MRU finding, for example, macMRU Parser by Sarah Edwards. Sadies stabby sword story mac os.

Also a good technique to find not common USB artefacts is to index the whole image and search for mount point or drive name – you can find a lot.

We would be happy if you share your macOS USB forensic artefacts in the comments to this post.

Happy forensicating!

About the authors

Oleg Skulkin, MCFE, ACE, is a DFIR enthusional (enthusiast + professional) and Windows Forensics Cookbook co-author.

Oleg Massage Therapist

Igor Mikhaylov, MCFE, ACE, OSFCE, is a digital forensic examiner with more than 20 years of experience and Mobile Forensics Cookbook author.