June 18, 2019 - Simson Garfinkel

Details: Last Updated: 28 May 2019

Join us on Tuesday, June 18 for our monthly chapter meeting with a special guest speaker:

Macintosh Forensics
by Simson Garfinkel

Abstract
Macintosh is a hard operating system on which to do about forensics. The operating system is a mix of BSD Unix, the Mach kernel from CMU, utilities and functionality that have been cross-ported from GNU/Linux, and a whole bunch of custom code written by Apple. Some of that code has been written for desktop operating system, and some has been written for iOS, which started out as a fork of MacOS, diverged, and now seems to be coming back. And there are four fundamental kinds of programs on the Mac worthy of forensic analysis: the kernel, background processes (daemons), command-line tools, and programs that run under the Mac graphical user interface.

To make matters worse, the Macintosh operating system is changing fast, but it is changing incrementally. This means that some information published a few years ago is still current, but other information is hopeless out of date. Some old forensics techniques work just fine, others don’t work at all, and some work incompletely, as they access system data using legacy APIs.

This talk gives an overview of Macintosh forensics based on the course CFRS 764 — Mac Forensics, which I taught this spring at George Mason University. I will provide information about the kinds of information that the Mac records, discusses tools and resources for those interest in Mac forensics, and suggest opportunities for future research.

Speaker bio
Simson Garfinkel is the Senior Computer Scientist for Confidentiality and Data Access at the US Census Bureau. He holds seven US patents and has published more than 50 research articles in computer security and digital forensics. He is a fellow of the Association for Computing Machinery (ACM) and the Institute of Electrical and Electronics Engineers (IEEE), and a member of the National Association of Science Writers. His most recent book is The Computer Book, which features 250 chronologically arranged milestones in the history of computing. As a journalist, he has written about science, technology, and technology policy in the popular press since 1983, and has won several national journalism awards.

Garfinkel received three Bachelor of Science degrees from MIT in 1987, a Master's of Science in Journalism from Columbia University in 1988, and a Ph.D. in Computer Science from MIT in 2005.

Must RSVP if you plan to attend.
Non-members are welcome without charge! Light refreshments will be served.

Tuesday, June 18, 2019 at 6:30 pm

Center for American Progress (CAP)

1333 H St. NW
10th Floor
Washington, DC, 20005

Click here for details.