When Macs Get Hacked - SANS Computer Forensics
Internet History: Chrome - Cache
~/Library/Caches/Google/Chrome/Default/Cache/
“data_#” index – “Chromium Disk Cache”

bit:Cache oompa$ pwd
/Users/oompa/Library/Caches/Google/Chrome/Default/Cache
bit:Cache oompa$ file * | more
data_0: data
data_1: data
data_2: data
data_3: data
data_4: data
f_00000b: gzip compressed data, was "hs.base.js", from Unix, last modified: Thu May 10 14:40:25 2012
f_00000c: gzip compressed data, was "dashboard.css", from Unix, last modified: Thu May 10 14:40:16 2012
f_00000d: gzip compressed data, was "hs.dashboard.js", from Unix, last modified: Thu May 10 14:41:14 2012
f_00000e: PNG image data, 119 x 608, 8-bit/color RGBA, non-interlaced
f_00000f: gzip compressed data, was "hs.dependencies.streams.js", from Unix, last modified: Thu May 10 14:42:20 2012
f_000010: HTML document text
f_000011: PNG image data, 214 x 224, 8-bit/color RGBA, non-interlaced
f_000012: gzip compressed data, was "staticlegacy.css", from Unix, last modified: Thu May 10 14:41:05 2012
f_000014: JPEG image data, JFIF standard 1.01
oompa@csh.rit.edu | @iamevltwin
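
Added example (not from the original slides): a Python sketch of the triage that `file *` performs on the f_* entries above, reading the original file name and MTIME from the gzip header (RFC 1952) and the dimensions from the PNG IHDR chunk. The function names and the sample bytes are constructed for illustration; the data_# block files are only reported as "data", not parsed.

```python
import gzip, io, struct
from datetime import datetime, timezone
from pathlib import Path

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
FEXTRA, FNAME = 0x04, 0x08  # gzip FLG bits (RFC 1952)

def describe(blob: bytes) -> dict:
    """Classify one cache entry from its leading bytes."""
    if blob[:2] == b"\x1f\x8b" and len(blob) >= 10:
        # Header: ID1 ID2 CM FLG MTIME(4 bytes, little-endian) XFL OS
        flags, mtime = struct.unpack_from("<BI", blob, 3)
        pos, name = 10, None
        if flags & FEXTRA and len(blob) >= pos + 2:
            pos += 2 + struct.unpack_from("<H", blob, pos)[0]  # skip extra field
        if flags & FNAME:
            end = blob.find(b"\x00", pos)  # name is NUL-terminated Latin-1
            if end != -1:
                name = blob[pos:end].decode("latin-1")
        ts = datetime.fromtimestamp(mtime, timezone.utc) if mtime else None
        return {"type": "gzip", "name": name, "mtime": ts}
    if blob[:8] == PNG_MAGIC and blob[12:16] == b"IHDR" and len(blob) >= 24:
        width, height = struct.unpack_from(">II", blob, 16)
        return {"type": "png", "width": width, "height": height}
    if blob[:3] == b"\xff\xd8\xff":
        return {"type": "jpeg"}
    return {"type": "data"}

def triage(cache_dir):
    """Yield (file name, description) for each f_* entry in a copy of the Cache directory."""
    for path in sorted(Path(cache_dir).glob("f_*")):
        with path.open("rb") as fh:
            yield path.name, describe(fh.read(4096))

def constructed_samples() -> dict:
    """Constructed entries shaped like the listing above (not real evidence)."""
    buf = io.BytesIO()
    with gzip.GzipFile(filename="hs.base.js", mode="wb", fileobj=buf, mtime=1336660825) as gz:
        gz.write(b"/* constructed */")
    png = PNG_MAGIC + struct.pack(">I4sII", 13, b"IHDR", 119, 608)
    return {"f_00000b": buf.getvalue(), "f_00000e": png,
            "f_000014": b"\xff\xd8\xff\xe0", "data_0": b"\x00" * 16}

if __name__ == "__main__":
    for name, blob in constructed_samples().items():
        print(name, describe(blob))
```

Run `triage()` against a working copy of the Cache directory rather than the live profile; the MTIME it reports is in UTC.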