Most of the artifacts that we located were user specific while a few were machine specific. The lists contained many different artifacts ranging from application specific artifacts to system configuration files. We are happy to report that we finished our examination of the two images and were able to compile a list of artifact locations for both Yosemite and El Capitan. The last time we update our progress we had just completed data gen and imaging of both the OS X Yosemite and El Capitan machines. Overall the two versions of OS X were very similar and only had a few minor differences. Then we generated a final report that will be available at “Mac Forensics Report” (Link to the final report). During that time period we finished examining the two operating systems and compiled spreadsheets containing the artifact locations. It has been a while since the last time we reported on our progress. However, in terms of forensic artifacts it was fairly similar to OS X Yosemite with a few changes noted, but most of the artifacts remained the same. El Capitan has brought several new updates to OS X especially in terms of the default Apple apps. As such, many users have updated their systems to at least one of the two versions of the OS X operating system. Mac OS X Yosemite and El Capitan have both been available to Mac users for a while now.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |