[FRIAM] Digital forensics?

Tom Johnson tom at jtjohnson.com
Thu Apr 18 00:06:15 EDT 2019


Thank you, sir.

On Wed, Apr 17, 2019, 7:24 PM Russell Standish <lists at hpcoders.com.au>
wrote:

> Using Linux, you can just mount the Mac's hard drive, and use unix
> tools to investigate those files that were touched in the time span of
> interest. To be really sure, you should clone the drive first (e.g.
> using the Linux dd command) so that you don't accidentally destroy any
> evidence in your poking around (you work with just the copy).
>
> As for the iPhone, I don't know how you would clone its storage, as
> it's locked down by Apple. Presumably, you would need to jailbreak
> the device first (potentially destroying the evidence you're looking
> for). But once you have cloned it, you can mount the storage on Linux
> as per usual - I believe iOS just uses the normal HFS+ file system
> that MacOSX uses.
>
> Cheers
>
> On Wed, Apr 17, 2019 at 10:42:52AM -0600, Tom Johnson wrote:
> > A friend writes:
> >
> > "A friend and colleague recently died under suspicious/unclear
> > circumstances overseas and the local police appear to have somehow
> > unlocked his Apple devices (an iPhone and MacBook laptop).
> >
> > Those devices are now in the family's possession and I said I'd look into
> > whether tools or experts might exist to help assess what files/stuff were
> > accessed, deleted, or added to his devices close to and since the
> > evening of his death.
> > Can you offer any advice?"
> >
> > FRIAM-ers: any suggestions or advice?
> >
> > Tom
> >
> > ============================================
> > Tom Johnson - tom at jtjohnson.com
> > Institute for Analytic Journalism   --     Santa Fe, NM USA
> > 505.577.6482(c)                                    505.473.9646(h)
> > NM Foundation for Open Government
> > Check out It's The People's Data
> > ============================================
> >
>
> > ============================================================
> > FRIAM Applied Complexity Group listserv
> > Meets Fridays 9a-11:30 at cafe at St. John's College
> > to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com
> > archives back to 2003: http://friam.471366.n2.nabble.com/
> > FRIAM-COMIC http://friam-comic.blogspot.com/ by Dr. Strangelove
>
>
> --
>
>
> ----------------------------------------------------------------------------
> Dr Russell Standish                    Phone 0425 253119 (mobile)
> Principal, High Performance Coders
> Visiting Senior Research Fellow        hpcoder at hpcoders.com.au
> Economics, Kingston University         http://www.hpcoders.com.au
>
> ----------------------------------------------------------------------------
>
>
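
The clone-then-inspect workflow described in the quoted reply, as an added example that is not part of the thread: copy the source with dd, confirm the copy by SHA-256, then list files whose timestamps fall inside a window on the read-only copy. It assumes GNU coreutils and findutils; the function names, device names and paths are hypothetical placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU dd, sha256sum and find.

# clone_and_verify SRC DST
# Copies SRC (a device such as /dev/sdX, or a file) to the image DST,
# records the image's SHA-256 beside it, and returns non-zero if the
# source and the copy do not hash to the same value.
clone_and_verify() {
    src=$1; dst=$2
    dd if="$src" of="$dst" bs=1M status=none || return 1
    src_sum=$(sha256sum < "$src" | cut -d' ' -f1)
    dst_sum=$(sha256sum < "$dst" | cut -d' ' -f1)
    # Keep the digest so the image can be re-verified after each session.
    printf '%s  %s\n' "$dst_sum" "$dst" > "$dst.sha256"
    [ "$src_sum" = "$dst_sum" ]
}

# touched_between ROOT START END
# Lists regular files under ROOT whose modify (m), access (a) or
# inode-change (c) time is later than START and not later than END.
# One line per matching timestamp, sorted chronologically.
# ROOT should be the copy mounted read-only, never the original, e.g.
#   mount -o ro,loop image.dd /mnt/evidence     (placeholder paths)
touched_between() {
    root=$1; start=$2; end=$3
    {
        find "$root" -xdev -type f -newermt "$start" ! -newermt "$end" \
            -printf '%TY-%Tm-%Td %TH:%TM m %p\n'
        find "$root" -xdev -type f -newerat "$start" ! -newerat "$end" \
            -printf '%AY-%Am-%Ad %AH:%AM a %p\n'
        find "$root" -xdev -type f -newerct "$start" ! -newerct "$end" \
            -printf '%CY-%Cm-%Cd %CH:%CM c %p\n'
    } | sort
}

# Typical use (placeholders, times are read in the local time zone):
#   clone_and_verify /dev/sdX image.dd
#   touched_between /mnt/evidence '2019-04-15 00:00' '2019-04-18 00:00'
```

Timestamps only show the most recent event of each kind per file, so a file modified twice appears once, and deleted files do not appear at all.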

