OS X Anti-Forensics Techniques 2 - Assaulting OS X

How the Leopard Hides His Spots 2

Continuing the review of Mac OS X in the context of anti-forensics methodology, the Grugq delves here into file system attacks, focusing in particular on exploitable aspects of HFS+. The researcher analyzes this file system’s components and offers insight into B*tree nodes and data forks, singling out ways to use them in HFS+ attacks.

OS X Anti-Forensics Techniques - How the Leopard Hides His Spots

How the Leopard Hides His Spots

The Grugq, a well-known anti-forensics researcher with a substantial computer security background, outlines the key issues related to counter-forensics on the OS X platform while participating in the HITBSecConf event. During this presentation, entitled “How the Leopard Hides His Spots”, the Grugq describes, in particular, the techniques that help evade application-level file format attacks, HFS-specific attacks, SQLite-based attacks, etc., based on his previous experience.