Software usage artifact identification process model for macOS operating systems used in information security incident investigation
Abstract
Full Text: PDF (Russian)
ISSN: 2307-8162