Media:
English
Navigation:
English
Please enter your search term
Sign In
Queue
Favorites
Cloud TV
FreeAir.tv Channels
My Library
A-la-carte Subscriptions
History
My Account
My Devices
Earn Cash
Help
International TV
Films
Packages
Video
Audio
Radio
Kids
Inside the Core
International TV
Discover By Language
FREE International TV
Music TV
World News in English
Lifestyle
Sports
Films
Packages
Kids
Films
English Films
FREE Films
Russian Films
German Films
Spanish Films
Ukrainian Films
Italian Films
Portuguese Films
French Films
Korean Films
Polish Films
Indian Films
Romanian Films
Swedish Films
Chinese Films
3D
Christmas Films
Packages
Russian
Ukrainian
German
French
Indonesian
Romanian
Italian
Video
By Language
Archive Library
Arts
Business
Comedy
Education
Fiction
Government
Health & Fitness
History
International
Kids & Family
Leisure
Music
News & Politics
Religion & Spirituality
Science
Society & Culture
Sports
Technology
Travel
TV & Film
Audio
By Language
Archive Library
Arts
Business
Comedy
Education
Fiction
Government
Health & Fitness
History
International
Kids & Family
Leisure
Music
News & Politics
Religion & Spirituality
Science
Society & Culture
Sports
Technology
Travel
TV & Film
Radio
Local Radio
Music
Sports
Talk
Discover By Location
Kids
TV Live for Children
Films & TV On-Demand
Video Podcasts
Audio Podcasts
Internet Radio
New Music from the Blue Clover Blog (theblueclover.com)" A weekly Podcast to check out from Brooklyn: New Music, Rarities, Suggested downloads, NYC event updates, old goodies and more. You will find bands like: Black Moth Super Rainbow, Radiohead, NIN, The Black Keys, El Ten Eleven, Explosions in the Sky, The Cure, The Beatles, My Morning Jacket, Justice, Digitalism and more.... You won't find: Sufjan, Robyn, Kanye West, Deer Hoof,Nickel Back or lil wayne.... www.theblueclover.com http://bluclover.blogspot.com/
===[ The Blue Clover ]===
As a husband, father, and educator, Jeff Young is passionate about faith, family, community, education... and food! It is for this reason that he founded The Catholic Foodie, which produces fun and entertaining media that foster growth in faith and community. The goal? To strengthen families and to encourage a stronger sense of community through social media.
The Catholic Foodie
Rome Review: English Tongues in the Eternal City. Join Charlie Q and company for discussions on life in Rome from inside the walls of the Eternal City.
Rome Review
Welcome to Giant Gnome Productions? bi-weekly (every two weeks) podcast for all the new and exciting things happening at Giant Gnome Productions. In it, the hosts, Waleed Ovase, Mark Kilfoil, and Tony Raymond, will reveal new cast announcements, interviews of the casts and crew of different shows, and much much more. So tune in every two weeks, for...The GnomeCast!
The GnomeCast
Full-time author Bob Baker shares his best advice on Internet book marketing, online promotion, Web 2.0, social media optimization, and more. Visit FullTimeAuthor.com for more info.
Internet Book Promotion Podcast
New media photographer is a photography podcast and blog about new media, social media and digital meidia for the photographer. We talk about digital photography, marketing photography online, business of photography, business tips, SEO (Search engine optimization), facebook, linkedin, twitter, plaxo, Google, Analytics, media and unique photography ideas. We also offer interviews and share the new media photographer award. Please take a moment to listen,leave a review and join our new media photographer community.
New Media Photographer - Digital and Social Media photography podcast
The all new Audio drama Based on the Television Series Created by Glen A. Larson.
Brokensea - Battlestar Galactica
Inside the CyberCrime 4Cast Super Show
Inside the Core
About
Discover in
Share
Playing on
The Macintosh and Apple Device Forensics Podcast
Feedback
Most Popular
Newer Episodes
Older Episodes
Most Popular
Most Recent
Most Viewed
Audio Books \ Technology \ Biotechnology
Video \ Training
Video \ Secondary
RSS feed
Direct link
Playing on all devices
We were kindly invited by Lee Whitfield of Forensic 4Cast to participate in the Digital Forensics Podcast Super Show. Along with Lee, we were joined by Joe Garcia of CyberCrime101 and Lee's brother Simon.
Here is the link to the show:
http://forensic4cast.com/2010/12/21/episode-34-inside-the-cybercrime-4cast/
Happy Holidays
The MacDudes
Inside the CyberCrime 4Cast Super Show
In this episode we discuss Chrome for Mac forensics and the Forensic 4Cast Awards. We have guest host Joe Garcia of the CyberCrime 101 podcast, who tells us about his podcast, the SANS Forensic Summit and HacKidCon.
We also briefly discuss Steve Whalen's new company, Sumuri, and their Forensic Boot and Imaging CD, Paladin; AccessData's FTK Imager command line tool for the Mac; and the websites of the episode.
Thanks to Joe Garcia for being on the show.
We would also like to thank you, our listeners, for voting for ITC in the Forensic 4Cast Award's Best Digital Forensics Podcast. Who would of thought we would of won!
A special thanks to the Florida State Prison System for their votes.
Inside the Core Episode 12
3953
It is time to vote in the 2nd Annual Forensic 4Cast Awards. There are a number of catagories to include:
Outstanding Contribution to Digital Forensics - Company & Indivdual
Digital Forensic Podcast
Digital Forensic Investigator of the Year
Take the time to go to the Awards page and vote for your favorites!
Vote Here!
Did we mention that Inside the Core was nominated for Best Digital Podcast?
Don't forget to vote for us! A free podcast episode to everyone that votes for ITC!
Be safe,
The MacDudes
Forensic 4Cast Annual Awards
In Episode 11, The MacDudes talk about using the command line to see what extended attributes a file has assigned to it. PLoW covers two plists.
We also talk a bit about the recent CEIC conference, Twitter, and a couple of software applications.
Chris is hard at work trying to get the show notes caught up. We hope to have all of them on the website for your downloading pleasure.
Be safe!
The MacDudes
Inside the Core Episode 11
4344
After a two month hiatus, we are back with Episode 10. We know it has been a while but we are ready to get back to work and bring the best in Mac forensics information to you.
In this Episode we cover the com.apple.LaunchService.QuarintineEvents SQLite DB File. PLoW covers several iWork plists, a VLC plist.
The episodes Website of the Week is appleeserialnumberinfo.com. This website interprets a Mac's serial number and provides us with great information on the make up of that particular system.
We talk briefly about a native "switch" in Snow Leporad that allows us to turn on read/write to NTFS volumes. No need for NTFS 3G or Tuxera NTFS. Look for more on that later.
Show notes to follow.....No really, we promise!
Be Safe!
The MacDudes
Inside the Core Episode 10
28:44
This is our holiday special episode. We gather around the Christmas tree with the kids and read our version of The Night Before Christmas.
We want to thank all of you for taking the time to listen to the podcast and provide us feedback to help make the show better. We try our best to provide information that will help you in your Mac exams or at least point you in the direction where your questions can be answered.
We would especially like to thank our own MacDudette, KK, for writing the MacMas version and for her on the fly editing while Chris and Dave were totally clueless on how to make two words rhyme.
We hope that you have a Merry Christmas, Happy Chanukah or whatever you are celebrating!
Be safe and we hope to see you in the new year!
The MacDudes
Inside the Core - The Night Before MacMas
06:43
In Episode 9, The MacDudes talk about hardening your Mac using native security applications and processes. Following in the security theme, the Plist of the Week (PLoW) covers com.apple.loginwindow.plist and com.apple.loginitems.plist.We have a great interview with Joe Duke of AccessData. Joe will discuss the use of FTK in analyzing Macintosh and the new FTK Mac Forensics course.
The following are some of the websites we talk about concerning Mac Security & anti-virus
Mac Shadows
Secure Mac
Mac Hacking
Security Social
Intego BlogThe show note to follow, honest!Be Safe,The MacDudes
Inside the Core Episode 9
4033
In Episode 8, we cover preparing a Mac for use as an analysis system. We also go over a lot of tools that are useful in analysis of a Mac. We have an interview with Ben Charnota of BlackBag Technologies about their new software write block (beware: Ryan's mic will be found lacking).
Google is providing free internet access in a number of airports this holiday season. Here is a link to an article about it: http://tiny.cc//Free_Google312
Plist of the Week: com.apple.recentitems.plist
No Website of the Week this episode, the show was getting a little too long so I pulled it out. We will include it in the next show.
Show notes to follow!
Be safe,
The MacDudes
Inside the Core Episode 8
3659
There was a problem with the sound quality of the Episode 7 interview. Yes, sound quality issues, imagine that. I corrected the problem and uploaded a new version yesterday afternoon.
Still trying to get it right. Sorry for the inconvenience it is causing while listening.
Be safe,
Dave
Sound Quality
This episode, the MacDudes have an interview with Lee Whitfield of the Forensic 4cast Podcast, talk about features in Snow Leopard that are of interest to examiners, and the Plist of the Week.Also discussed;Problems with Time CapsuleLinkedin GroupsBodega applicationTwitter's Computer Forensic InformationSnow Leopard's Problems with Guest AccountsMobileSyncBrowserLook for show notes soon.
Inside the Core Episode 7
51:57
In this Episode, Ryan interviews Al Lewis of SubRosaSoft, Chris talks with Social Media & Communications expert, Christ M. Miller about her website, Cops2Point0.com. The MacDudes also discuss:HFS+ read support in BootCamp 3.0 Mac OS's native screenshot capabilitiesPlist of the Week: com.apple.sidebarlists.plistWe're still struggling with some sound quality issues, hopefully we will have this worked out with the next round of interviews.Show notes will be posted shortly.
Inside the Core Episode 6
3874
In this episode, the MacDudes talk about iPhone backup files and tools to parse them, imaging iPods, how to extract a dictionary file from swap files over 2GB in size and the Plist of the Week.
Inside the Core Episode 5
3787
This episode covers why we point everyone to the user's Home folder first. Ryan talks about Diskarbitration for Leopard and Tiger. Chris showcases the Plists of the Week, Safari bookmarks, history, downloads, TopSites & Last Session.Websites of the Week: MacTracker & EveryMacPodcasts to listen to: CyberSpeak & Forensic 4CastShow notes are available for download. They are more detailed than the synopsis below:Click here to DownloadShow notes synopsis:Home Folder: -Most of the evidence is located in the Userʼs Home Folder -Majority of the Preference PLists with user-specific settings are in User/Library/ Preferences -User Logs: -Indicative of the userʼs activity -Not system activity, but user specific logs -Preferences: -PLists files or proprietary format files for the User -Contains configurations and settings for the User -I.E. Online activity, buddy lists, email, logins, etc.-Application Support: -Mozilla Cache, iPhone backup files from MobileSync folder -Application PLists with information LEOPARD: -Disk Arbitration looks at devices and mounts the device and makes icon to access this device available to the user -On Boot, Disk Arbitration recognizes the internal hard drive. Recognizes file system. Mounts partitions on desktop. -In order to prevent writes, we must prevent the mount. -To turn off Disk Arbitration, enter Terminal and type: sudo launchctl unload System/Library/LaunchDaemon/com.apple.diskarbitrationd.plist-Now when you connect a disk, the disk will not mount -To turn back on, enter Terminal and type: sudo launchctl load System/Library/LaunchDaemons/com.apple.diskarbitrationd.plist or Reboot system and diskarbitration will become active again TIGER: -Not controlled by LaunchCtl process -Need to move the PList from one location to another -Method: 1. Make copy of the diskarbitrationd.plist 2.Once the copy is made, use the remove command in Terminal to delete the com.apple.diskarbitrationd.plist from the /etc/mach_init.d folder 3.Reboot system 4.Only OS Boot partition will mount. To UNDO, Copy the diskarbitrationd.plist back to the /etc/mach_init.d folder and reboot the system. PList(s) of the Week(PLOW): User/Library/Safari:Bookmarks.plist: -User created/maintained bookmarks Downloads.plist -Any downloads specific to Safari -Download history History.plist: -History from Safari if not cleared TopSites.plist -Came with Safari 4 -When a New Tab is opened, it opens thumbnails of most visited sites -Instead of typing URL, just click on thumbnail and it opens the site. LastSession.plist: -Indicates what was open on last Safari session -If multiple windows opened, it will indicate each as a different Item
Inside the Core Episode 4
49:02
Sorry it took so long but the show notes for Episode 3 are ready. You can either read a shortened version below or download the PDF. The PDF has images that help explain some of the locations and other aspects of what was discussed.Download Show NotesSafari Internet Cache:Original location for Safari 2 and early 3: - Users/USERNAME/Library/Caches/Safari/ - Files were given Unique ID and extension of .cache Version 3: switched to a sqlite database file and moved the cache to /var/folders -Location: /var/folders/(UniqueID)/(UniqueID)/caches/com.apple.Safari -Cache.db file -If in Windows environment, ie. Encase, you will not see “/var/folders”, instead it will be: -/private/var/folders/(UniqueID)/(UniqueID)/caches/com.apple.Safari -var/folders view on Mac is called “soft link” as Private is impliedLatest Safari Ver 3 & Version 4 moves the cache back to:Users/USERNAME/Library/Caches\com.apple.safari - The Cache.db file resides here. Probable change was security based as it placed te file back in the users folder. Viewing Safari Cache: SQLite DB Browser 1.3: Database: can use SQLite DB browser 1.3 from Sourceforge -Displays the .db tables -Example: “Response Table”: has website URL and Date/Time Stamp in GMT Filejuicer: -Drop the Cache.db on Filejuicer and it will parse the data out -Images, HTML, TXT, etc. Incident Response/Trusted Utilities: -Often times, whenever out on scene, it is an unknown environment -Must consider all machines to be unknown and applications possibly altered -Best way to prepare is to have our own trusted utilities disk -Recommend a flash drive, minimum 4 GB to use -If PowerPC: recommend Firewire, if Intel: recommend USB Trusted Utilities Drive: 1. Disk Initialization (formatting for you Microsofties): Use Disk Utility to initialize the drive and wipe it prior to placing tools on it. 2. Put on utilities: i.e. Terminal, System Profiler, etc. 3. Rule of thumb: Command Line Tools/GUI Tools/Evidence Collection. 4. Name the Volume/Disk something you will recognize i.e. “RyansTrusted Utilities" This eliminates confusion on Suspectʼs desktop 5. Run Trusted Utilities: Date, System Profiler and export information to Evidence Collection. 6. Keep record of the commands run for later review and reporting, i.e. use PDF printout from Mac builtin utilities. 7. Remember to direct your path to the Trusted Utilities Disk as you are never sure what the suspect has done to their machine. Control your environment. PList(s) of the Week(PLOW): Address Book: /Users/USERNAME/Library/Preferences/addressbookme.plist: -This PList originates information entered at Registration -Can contain: First Name, Last Name, Local Phone #, Street Address 1 and 2, City, State, Zip, Area Code, Local Phone#, Company, Existing email address /Users/USERNAME/Library/Preferences
Episode 3 Show Notes
Hey,Episode 3 is uploaded and ready for your listening pleasure. We cover Safari Internet cache, the Trusted Utilities Disk and the Plist of the Week. We also have our Host at Large, Reggy, with part one of his series on the Terminal. Show notes should be posted tomorrow. Thanks for listening and keep those emails coming in!Be Safe,The MacDudes
Inside the Core Episode 3
45:22
1
2
Next
Total 24
Show More
Viaway Ads
please wait...