Mac® Security Bible by Joe Kissell

Chapter 24. Forensics: Discovering What Went Wrong

IN THIS CHAPTER

Understanding the basics of computer forensics

Finding software that shouldn't be running on your Mac

Discovering what network connections are in progress

Examining a compromised Mac with MacForensicsLab

Using other forensics utilities

The word forensics has a number of meanings and can conjure up images of everything from high school speech competitions to medical examiners performing autopsies. In the computer world, forensics refers to an examination of a computer's data that, ideally, prevents any of that data from changing in the course of the investigation. For example, if a computer is suspected of having been used in a crime or if an employer believes that an employee has misused company equipment, investigators or law enforcement personnel might undertake a forensic examination of a computer to look for evidence of wrongdoing. In such cases, it's important that the integrity of the data be preserved during the investigation so potential evidence doesn't disappear while it's being examined and so investigators can't be accused of planting false evidence.

As interesting and important as that aspect of forensics may be, however, the main focus of this chapter isn't on tracking down incriminating files to be used in legal proceedings. This being a book on Mac security, my primary concern here is helping you discover the source of a digital security breach (such as a malware infestation or a network intrusion) ...
