dfm covers
 
 

Operational Forensics and the Mac

Written by DFM team

Operational Forensics and the Mac 

Anthony Kokocinski writes


Mac OS X Network Primer

With the constant changes in network security design and analysis, it is often important to know what is normal traffic and what is malicious lateral movement.  Here, we will visit some of the more common Mac OS X networking technologies that can be seen on a local subnet.


The news media provides a constant stream of data breaches, network compromises, information leaks, and malicious code outbreaks.  To make sense of it all, company officers and shareholders are looking to outside computer specialists and internal IT staff. No company wants to be the one to find out about their internal affairs through outside news sources.  Corporate leaders feel that their internal IT groups should be able to provide proper network security services.  When they can't, the money to pay for outside services is rarely available.  This situation creates a murky field for those who practice in any network security capacity.  Some of the biggest issues arise from lateral movement on the network computers gaining access to other computers for purposes of data gathering before exfiltration from a network.  This movement eludes some sensors and confuses some analysts.


Apple's OS X often provides challenges to even seasoned computer forensic analysts. Many of these analysts can glean data that is readily provided by the tool that they are using, #mce_temp_url#but they cannot go beyond the limits of their tool. When faced with an OS X device on a network, many analysts shy away completely.  The reason for this could be unfamiliarity of network protocols, or dismissal based upon target volume versus level of effort.  Macintosh computers are being encountered more often in enterprise networks and cannot be dismissed as easily as they were five years ago.


About the same time that widespread automated attacks became rampant through Windows™ centric networks, OS X’s stability and popularity caused a shift that pushed people toward diversifying their network with a few Apple machines here and there. This creates a varied network footprint, which is by nature more resilient to automated attacks, but it becomes a small headache for network administrators.  This headache is passed along to forensic analysts trying to determine malevolent traffic on a network consisting of thousands of nodes decentralized against multiple geographic locations, often with their own point of egress outside of the network.


Read more on this subject - and more on Apple forensics within Issue 6 of DFM - out now - subscribe today!


 
Please make cache directory writable.
 

Submit an Article

Call for Articles

We are keen to publish new articles from all aspects of digital forensics. Click to contact us with your completed article or article ideas.

Featured Book

Learning iOS Forensics

A practical hands-on guide to acquire and analyse iOS devices with the latest forensic techniques and tools.

Meet the Authors

George Bailey

George Bailey is an IT security professional with over 15 years of experience

 

Coming up in the Next issue of Digital Forensics Magazine

Coming up in Issue 31 on sale from May 2017:


DDOS Attacks on Mobile Devices

Denial of service attacks (DoS), distributed denial of service attacks (DDoS) and reflector attacks (DRDoS) are well known and documented. More recently however we have seen that these attacks have been directed at mobile communication devices.  Read More »

Advancements in Windows Hibernation File Forensics

Brian Gerdon looks at how the windows hibernation files can be a valuable source of information for digital forensic investigators. Read More »

Subscribe today


Testing Damage Sustainability on SD Cards

A growing number of companies and agencies are now specializing in repair and recovery of data and not on the forensic examination of the data. Read More »

Every Issue
Plus the usual Competition, Book Reviews, 360, IRQ, Legal

Click here to read more about the next issue