Hello Reader,
It's that time again, Sunday Funday time! For those not familiar, every Sunday I
throw down the forensic gauntlet by asking a tough question. To the winner go
the accolades of their peers and prizes hopefully worth the time they put into
their answer. This week I am changing things up and letting the winner pick
their choice of prizes!
The Prize:
· Winner's choice: a year license of AccessData Triage or an Advanced Training Track ticket to PFIC
The Rules:
1. You must post your answer before Midnight PST (GMT -7)
2. The most complete answer wins
3. You are allowed to edit your answer after posting
4. If two answers are too similar for one to win, the one with the earlier posting time wins
5. Be specific and be thoughtful
6. Anonymous entries are allowed, please email them to dcowen@g-cpartners.com
7. In order for an anonymous winner to receive a prize they must give their name to me, but I will not release it in a blog post
The Challenge:
This week on the Forensic Lunch we have been talking about OSX and Time Machine
forensics. So let's have an OSX/Time Machine challenge!
You have been given a Time Machine drive that had multiple systems backing up to
it over the network. After imaging it, you need to determine what has been done.
Answer the following questions:
1. What are the different types of backups you could find on a Time Machine drive?
2. How can you distinguish which host's backup you are looking at?
3. How would you extract a single backup for a specific date?
4. What is the difference between a Time Machine backup and a .mobilebackup?
There, that's not too bad now, is it? I look forward to your answers!