skip navigation

CrimeSolutions.gov

Add your conference to our Justice Events calendar

PUBLICATIONS

NCJRS Abstract

The document referenced below is part of the NCJRS Library collection.
To conduct further searches of the collection, visit the NCJRS Abstracts Database.

How to Obtain Documents
 
NCJ Number: NCJ 239598     Find in a Library
Title: Evaluation of Mac Marshalâ„¢ Version 2.0.3
Corporate Author: NIJ Criminal Justice Electronic Crime Technology Ctr of Excellence
United States of America
Date Published: 09/2011
Page Count: 21
Sale Source: NIJ Criminal Justice Electronic Crime Technology Ctr of Excellence
550 Marshall St., Suite B
Phillipsburg, NJ 08865
United States of America
Document: PDF 
Type: Test/Measurement
Language: English
Country: United States of America
Annotation: This report presents the features and manufacturer claims for Mac Marshal Version 2.0.3 - which automates the analysis of disk images for the Mac OS X computer operating system - and the results are presented for performance testing of the Mac Marshal by the National Institute of Justice’s Electronic Crime Technology Center of Excellence.
Abstract: Apple’s Mac OS X is quickly becoming a popular operating system; however, the majority of digital forensic examinations performed on computers by State and local law enforcement investigators have been based on the Windows operating systems. Mac Marshal automates the identification of the operating environment of the Mac OS X-based system, and it also automates the extraction of usage information left by the operating system and Mac OS X applications. The manufacturer of Mac Marshal notes that “Mac Marshal’s unique implementation of the capability to use the Spotlight search functionality is invaluable in speeding searches for files based upon sophisticated content or metadata criteria.” In the three performance tests conducted, Mac Marshal performed according to manufacturer claims. Several times it required the user to enter the system password to access information. The information the tool collected was displayed well and easy to read. This would enable a law enforcement investigator to quickly interpret the OS X-specific data on the machine. Mac Marshal Forensic Edition would either require a dedicated OS X-based forensics examination machine or a request for a new license in order to examine each and every case. At $199.00, the Mac Marshal Field Edition is a cost-efficient way to have a tool that could examine multiple OS X-based machines. The test bed configuration is described, and results are presented from each of the three performance tests conducted. Extensive figures
Main Term(s): Computer related crime
Index Term(s): Testing and measurement ; Computer software ; Equipment evaluation ; Computer aided investigations ; Computer crime investigative Training ; Computer evidence
   
  To cite this abstract, use the following link:
https://www.ncjrs.gov/App/Publications/abstract.aspx?ID=261664

* A link to the full-text document is provided whenever possible. For documents not available online, a link to the publisher's web site is provided.