In three pages, convince the reader that Mac forensics analysis is best completed when using a Mac system. Lay out all the reasons with specific details including feature or functionality that can’t be translated or is not optimally translated in the process.
The student will investigate and be able to explain the potential issues surrounding the use of alternative file systems to conduct Mac forensics examinations.
Question
Solution Preview
This material may consist of step-by-step explanations on how to solve a problem or examples of proper writing, including the use of citations, references, bibliographies, and formatting. This material is made available for the sole purpose of studying and learning - misuse is strictly forbidden.
Whether the comparison is made between live capturing tools or image acquisition tools, Mac operating system cannot be fully examined using either a Windows-based forensic tool or even a Linux/UNIX based forensic tool, from several reasons:- There are certain features specific to Mac OS X that cannot be translated by other similar tools (e.g. PLIST exploration and display, file system- DMG images are not fully supported by other forensic tools);
- The examiners who are not very aware of file locations and paths from a Mac system can fail when searching for digital evidences when they are using tools designed for other operating systems or even a compatible type of operating system;...
Return to homework library