Thursday, January 6, 2011

Finanl Year Project Sharing: Mac OS X Forensics

Project Title: Mac OS X Forensics
Categories: Computer Forensics, Digital Forensics, Mac OS X
Students: Adam Ong, Andy Low, Tham Kok Keong, Toh De Wei
Organization: DSO
Supervisor: Dennis Wong (SP), Peter Teoh (DSO)

Synopsis: The purpose of this project is to perform computer forensics to retrieve deleted data in the Mac OS X‟s default file system. The study of the file system and data structure will also be carried out.

Aim: It aims to carry out computer forensics on an operating system that is seldom used by many. Cache files will be retrieved. The web pages that have been visited in the past can also be retrieved. Emails can also be retrieved.

Final Year Project: The FYP intends to provide students an opportunity to integrate knowledge and technical skills they have acquired from the course and experience problem solving, communication and working as a team to work on an Infosec Security Project. In the project, the students are expected to perform problem analysis, investigation, solution design and implementation of security related project

The students in this project spent one semester to complete the project. This involved the study of the operating system, evaulation of computer/digital forensics tools and wrting the report. It was important to note the project was co-supervised by SP lecturer and DSO researcher. The students had learnt the technical know-how from both the supervisors in the area of computer/digital forensics, and really benefited from the project.

"Through this Final Year Project on Mac OS X Forensics, I have a better understanding of the Macintosh File System which is the Hierarchical File System Plus. I had the chance to test out forensic tools such as The Sleuth Kit, Autopsy Forensic Browser, Safari Forensic Tool, File Juicer and HFS Debug. All these tools are essential in the process of performing computer forensics on the Mac. I also realized that data residue still exist after being deleted from the system. The concepts behind computer forensics never change, hence, the skills and knowledge acquired during the process will serve as a foundation for our computer forensics module." said Kok Keong.

Another student, Adam said, "Having done Mac OS X Forensic as my Final Year Project, I have become more familiar with Macintosh Operating System as well as the importance of forensic tools used in the event of a forensic investigation. Don’t ever think that data wiped from your trash will be destroyed permanently, they’re not!"

No comments:

Post a Comment