Proposal / Submission Type
Peer Reviewed Paper
Location
Richmond, Virginia
Start Date
25-5-2011 2:00 PM
Abstract
OS X provides a password-rich environment in which passwords protect OS X resources and perhaps many other resources accessed through OS X. Every password an investigator discovers in an OS X environment has the potential for use in discovering other such passwords, and any discovered passwords may also be useful in other aspects of an investigation not directly related to the OS X environment. This research advises the use of multiple attack vectors in approaching the password problem in an OS X system, including the more generally applicable, non-OS X-specific techniques such as social engineering or well-known password cracking techniques such as John the Ripper or other versions of dictionary attacks and rainbow table attacks. In some successful approaches, the components of the attack vector will use more OS X-specific techniques such as those described here: application-provided password-revealing functions, a JavaScript attack, an “Evil Website” attack, system file scavenging, exploitation of the keychain, and an OS X install disk attack.
Keywords: OS X, password, password discovery, social engineering, sleepimage, keychain
Scholarly Commons Citation
Primeaux, David; Dahlberg, Robert; Keo, Kamnab; Larson, Stephen; Pennell, B.; and Sherman, K., "MAC OS X Forensics: Password Discovery" (2011). Annual ADFSL Conference on Digital Forensics, Security and Law. 5.
https://commons.erau.edu/adfsl/2011/wednesday/5
Included in
Computer Engineering Commons, Computer Law Commons, Electrical and Computer Engineering Commons, Forensic Science and Technology Commons, Information Security Commons