Daily Blog #50: Sunday Funday 8/11/13 Winner!

Sunday Funday by David Cowen - Hacking Exposed Computer Forensics Blog

Hello Reader,
Wow, there are a lot of OSX and Timemachine loving DFIR people out there! I received a lot of submissions and they are all very good. I had to read over and compare the submissions, but one was a clear standout. Congratulations to Sarah Edwards (@iamevltwin), who brought an answer so well written it had to be in a PDF to include the figures she referenced!

Here was the Challenge:

This week on the forensic lunch we have been talking about OSX and timemachine forensics. So let's have an OSX/Timemachine Challenge!

You have been given a timemachine drive that had multiple systems backing up to it over the network. After imaging it, you need to determine what has been done. Answer the following questions:

1. What are the different types of backups you could find on a timemachine drive?

2. How can you distinguish which host's backup you are looking at?

3. How would you extract a single backup for a specific date?

4. What is the difference between a timemachine backup and a .mobilebackup?

Here is Sarah's winning answer.
PDF link to read offline here:


So it would appear the bar has been raised this week! Sarah, let me know which prize you prefer; you earned it.

Also Read: Daily Blog #49
