With our final report completed we are now officially done with this project, at least for now. In the end we had created a nice report that looks great and has detailed information about the artifact locations for both OS X Yosemite and El Capitan. Once that was completed we then had to import all of our spreadsheets containing the artifact locations and format them to fit the theme of the final report as well. As a result, we had to type everything in Google Docs and then import it manually into Word in order to obtain the proper formatting that we were seeking. This led us to have a few headaches further down the line. This led to a few problems, seeing as Microsoft Word and Google Docs do not keep the same formatting. We created our final report using Google Docs so that we could all edit it at the same time. This list can be found in our final report.
In the end we created a comprehensive list of artifacts and their locations. Missing artifacts were determined if the artifact should have been generated during data gen but was still missing. Obsolete artifacts were determined if neither version of the operating system had that artifact. We broke these artifacts into two groups, obsolete and missing. However, through our analysis and comparison we were unable to locate some artifacts. We determined that the two versions were very similar and only a few artifacts had moved to new locations in El Capitan. Once we had created the spreadsheets of the artifact locations we then compared them to determine what artifacts were different between Yosemite and El Capitan. Most of the artifacts that we located were user specific while a few were machine specific. The lists contained many different artifacts ranging from application specific artifacts to system configuration files. We are happy to report that we finished our examination of the two images and were able to compile a list of artifact locations for both Yosemite and El Capitan.
The last time we updated our progress we had just completed data gen and imaging of both the OS X Yosemite and El Capitan machines. Overall the two versions of OS X were very similar and only had a few minor differences. Then we generated a final report that will be available at “Mac Forensics Report” (Link to the final report). During that time period we finished examining the two operating systems and compiled spreadsheets containing the artifact locations. It has been a while since the last time we reported on our progress. However, in terms of forensic artifacts it was fairly similar to OS X Yosemite with a few changes noted, but most of the artifacts remained the same. El Capitan has brought several new updates to OS X, especially in terms of the default Apple apps. As such, many users have updated their systems to at least one of the two versions of the OS X operating system.
Mac OS X Yosemite and El Capitan have both been available to Mac users for a while now.