MacLockPick II forensics utility now cross-platform
updated 05:30 pm EDT, Wed October 1, 2008
MacLockPick II now for Mac
MacForensicsLab has released MacLockPick II, the latest version of its forensics triage utility that is now compatible with Mac OS X. The program, originally only available to law enforcement, is now offered to the public. MacLockPick allows users to capture data for preservation as evidence. Information regarding computer details, activities of the system user, and online history is claimed to be extracted in minutes.
Information can be taken from Windows, Mac, or even iPhone platforms. Files and folders can be copied with hashing in MD5, SHA1, and SHA256. The software can be configured to make copies of specified target information, with filtering for types of files or specific users. For investigations requiring command-line tool execution on a suspect system, MacLockPick can transparently run the command and record the output.
The software is compatible with plug-ins, which include an NTLM and Lan Man password grabber and an Apple Keychain extractor shipped with the law enforcement-only version. Plug-ins included with both law enforcement and public packages include data copying utilities for iPhone, clipboard, Firefox, Internet Explorer, Safari, network, Skype, system information, and USB flash drives.
MacLockPick II for Windows and Mac OS X is available from MacForensicsLab for $500. The package includes a USB storage device that works as a dongle and holds application files or logs.
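The hashed file copying mentioned in the article, sketched as an added example; this is not MacLockPick code and says nothing about how the product works internally. It copies a directory tree, records MD5, SHA1 and SHA256 for each source file, and re-hashes each copy to confirm it matches; the function names and the sample tree are constructed for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

ALGORITHMS = ("md5", "sha1", "sha256")  # the three digests the article names

def digests(path, chunk_size=1 << 20):
    """Read the file once and return {algorithm: hex digest} for all three."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def preserve(src_root, dest_root):
    """Copy every regular file under src_root into dest_root; return a manifest.

    Each entry holds the source digests (taken before the copy) and whether
    the copy hashes to the same values, so a bad copy is flagged, not hidden.
    """
    src_root, dest_root = Path(src_root), Path(dest_root)
    manifest = []
    files = (p for p in src_root.rglob("*") if p.is_file() and not p.is_symlink())
    for src in sorted(files):
        rel = src.relative_to(src_root)
        dest = dest_root / rel
        dest.parent.mkdir(parents=True, exist_ok=True)
        before = digests(src)
        shutil.copy2(src, dest)  # copy2 also carries timestamps over
        manifest.append({"path": rel.as_posix(), "size": src.stat().st_size,
                         **before, "verified": digests(dest) == before})
    return manifest

def demo():
    """Run against a constructed sample tree (not real case data)."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp, "suspect")
        (src / "docs").mkdir(parents=True)
        (src / "docs" / "note.txt").write_bytes(b"abc")
        (src / "empty.bin").write_bytes(b"")
        return preserve(src, Path(tmp, "evidence"))

if __name__ == "__main__":
    for entry in demo():
        print(entry["verified"], entry["sha256"], entry["path"])
```

Reading a file can update its access time on the source volume, so real acquisitions are normally run against a read-only mount or behind a write blocker.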






Fresh-Faced Recruit
Joined: Apr 1999
hmmm
So Keychain is insecure... got it. Keep sensitive documents in 256kbit AES-encrypted disk images (easily created with Disk Utility), and don't save the password to it in Keychain. Use "Private Browsing" mode in Safari (or the equivalent in Firefox) when visiting sensitive websites. To delete sensitive files securely, use the "srm" function in the terminal:
srm -rf [filename]
This can easily be done by someone with no terminal experience by typing "srm -rf " (note the space at the end) in the terminal, and then dragging the file to be securely removed onto the terminal window, and hitting 'enter'. Note that you can also use Disk Utility to securely delete your free disk space if you've already deleted a sensitive file in an insecure manner. With these steps, even software such as this can be mitigated for those concerned with their privacy.