Here’s a collection of our press releases.
Al Lewis, the Director of Forensic Services and Development for MacForensicsLab Inc., is interviewed by Inside the Core. Al discusses MacForensicsLab products and their use in forensic investigations. Find out about the full range of forensic tools and training that MacForensicsLab Inc. has to offer and how you can use them in your forensic investigations.
This week, Bret and Ovie interview Al Lewis from SubRosaSoft.com Inc. http://www.macforensicslab.com about the MacLockPick. We discuss the new Mac lockpick that can be preconfigured to collect volatile data on Windows, Mac and Linux systems. This is the first cross-platform utility we have seen. Download from iTunes.
MacLockPick II (2.1): Extract all incriminating info on any computer (Linux, Mac, Windows) or iPhone
Reviewed by Robert L Pritchett
Phone +1 (510) 870-7883
Fax +1 (510) 868 3407
Originally Released: April 27, 2007
Only sold through the website for $500 USD.
To use this app, you really should be in Law Enforcement.
Comes with Tutorial CD and 2 GB USB flashdrive
Strengths: Cross-platform access (it works on accessing passwords from Linux, Mac,
Weaknesses: Requires the dongle to operate. Wait, the tool is the dongle! So, none.
MacLockPick (MLP) is a valuable tool for law enforcement professionals to perform live forensics on Mac OS X systems. The solution is based on a USB Flash drive that can be inserted into a suspect’s Mac OS X computer that is running (or sleeping). Once the software is run it will extract data from the Apple Keychain and system settings in order to provide the examiner fast access to the suspect’s critical information with as little interaction or trace as possible.
MacLockPick takes advantage of the fact that the default state of the Apple Keychain is open, even if the system has been put to sleep. It also makes use of the openly readable settings files used to keep track of your suspect’s contacts, activities and history. These data sources even include items that your suspect may have previously deleted or has migrated from previous Mac OS X computers.
What I Learned
Mark Hurlow loves Computer Forensics and apparently his tool of choice is Mac OS X. The MacForensics Lab is a “single solution for law enforcement professionals”.
We have reviewed other SubRosaSoft apps before, but all were done back in 2007 covering;
Mark and his team have been quite busy with various other computer forensics tools as well and they do have a few Freeware items that might be of interest.
The MLP CD does have a tutorial video that discusses the device. It does come with a keychain so it will have less of a problem getting lost. Perhaps that is symbolic for the KeyChain on Macs that become captured when this device is installed into a USB port.
Plug in the stick, double-click on the program and it collects the passwords from the computer. You can export captured files as well. If a data capture app is not listed, you may add your own, so the device is extensible.
Being able to essentially look into any PC or Mac using captured passwords makes this device either a very dangerous tool in the wrong hands or an excellent tool for access for someone who cannot ever remember the password used to access a program. My guess is the latter one is not the person who would use this device.
Perhaps you can appreciate the power of this little device and now understand why it is called the MacLockPick. Knowing that it can also “pick” PCs makes this device extremely valuable.
If you are familiar with Windows registries, MacLockPick goes to the relevant registers and grabs the pertinent information including the retrieved databases.
To read files, the MLP will be needed. If you are capturing large files, an external hard drive can be used to capture the data instead of the MLP device, but the MLP will be needed to read the files, once back at the Forensics lab. If the external drive gets lost, nobody will be able to recover and understand the info located there. The dongle is key, literally, in the success of analysis.
The tools include an archiver, an authenticator, a reader and Setup. There are folders for output, plug-ins and report templates.
Each dongle is secured and cannot be reproduced.
There really isn’t anything that can be hidden from this device on any computer, but you do need to know how to “eject” the USB drive.
The MLP really is a companion to the MacForensicsLab. Use it wisely.
If you are in the business of analyzing data in a law enforcement role, this tool is one you will want in your arsenal. Macs are so much easier to deal with. Why not get the tools that make the job even easier? If all you have to do is collect the passwords to access the programs on any machine and do it in a matter of seconds, why futz around, right? Get in, get the job done and get out. Quick and easy.