Mac OS X, iPod, and iPhone Forensic Analysis DVD Toolkit

Appendix B. Capturing Volatile Data on a Mac

Solutions in this appendix

Volatile Data Collection
Summary
Solutions Fast Track
Frequently Asked Questions

Introduction

A good investigator will collect as much evidence as possible to build a strong case. Traditional forensic techniques often involved unplugging the suspect system, taking it back to the lab, and analyzing it, a process commonly referred to as dead box forensics. But technology continually emerges and changes and investigative procedures must adapt to deal with these changes.

Pulling the plug may have been a good technique to use on older computers running older operating systems, but starting with OS 10.3 (Panther) and later, FileVault could be implemented on the system you are ...

Get Mac OS X, iPod, and iPhone Forensic Analysis DVD Toolkit now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Mac OS X, iPod, and iPhone Forensic Analysis DVD Toolkit by Jesse Varsalone

Appendix B. Capturing Volatile Data on a Mac

Introduction

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly