DOCSLIB.ORG

A Tool for Mac OS X Operating System and Application Forensics

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
A Tool for Mac OS X Operating System and Application Forensics digital investigation 5 (2008) S83–S90 available at www.sciencedirect.com journal homepage: www.elsevier.com/locate/diin MEGA: A tool for Mac OS X operating system and application forensics Robert A. Joyce*, Judson Powers, Frank Adelstein ATC-NY, 33 Thornwood Dr. Suite 500, Ithaca, NY 14850, United States abstract Keywords: Computer forensic tools for Apple Mac hardware have traditionally focused on low-level Mac OS X file system details. Mac OS X and common applications on the Mac platform provide an Computer forensics abundance of information about the user’s activities in configuration files, caches, and Spotlight logs. We are developing MEGA, an extensible tool suite for the analysis of files on Mac Disk image analysis OS X disk images. MEGA provides simple access to Spotlight metadata maintained by the Application analysis operating system, yielding efficient file content search and exposing metadata such as dig- ital camera make and model. It can also help investigators to assess FileVault encrypted home directories. MEGA support tools are under development to interpret files written by common Mac OS applications such as Safari, Mail, and iTunes. ª 2008 Digital Forensic Research Workshop. Published by Elsevier Ltd. All rights reserved. 1. Introduction Boot Camp software or in a virtual machine such as Parallels or VMware Fusion. The increasing popularity of Apple Macintosh hardware, par- With the assistance of the National Institute of Justice (NIJ), ticularly that using Intel x86-compatible processors, provides we are developing an extensible Macintosh Evidence Gather- new challenges and data-gathering opportunities for forensic ing and Analysis (MEGA) tool suite that allows investigators examiners. Various estimates of Mac market share hover to graphically assess and collect data on dual-boot Mac sys- between 5 and 14%, and that number is growing quarter by tems, and to gather and analyze forensically relevant data quarter (AppleInsider, 2008). The New York State Computer specific to Mac OS X and common applications on the Crime Unit sees approximately 5–10% Macs, almost exclu- platform. sively Mac OS X, in their investigations. Some niche markets Section 2 describes existing forensic research and tools have even greater penetration; Princeton University reports available for Mac OS X. Section 3 summarizes the design and that 45% of new computer purchases on campus in 2006 implementation approach taken for MEGA. The Mac ‘‘Spot- were Macs (Daily Princetonian, 2006). light’’ search index, maintained by Mac OS X 10.4 and later, Yet forensics on Mac OS X-based systems is an immature can dramatically speed investigators’ search for particular field with relatively few tools available. Those tools that do ex- files; the acquisition and forensic implications of this meta- ist focus mainly on low-level file system analysis and provide data are discussed in Section 4. In addition to Spotlight little interpretation of the files or insight into user activities (at queries, MEGA can also handle FileVault encrypted home least not without substantial effort by the investigator). The directories, which are discussed in Section 5. Finally, Section complexity of Mac-based investigations is compounded by 6 describes other features of MEGA that are currently under the fact modern Macs often run multiple operating systems development, as well as future directions for Mac OS X foren- (such as Microsoft Windows), either dual-boot via Apple’s sic research. * Corresponding author. E-mail addresses: [email protected] (R.A. Joyce), [email protected] (J. Powers), [email protected] (F. Adelstein). 1742-2876/$ – see front matter ª 2008 Digital Forensic Research Workshop. Published by Elsevier Ltd. All rights reserved. doi:10.1016/j.diin.2008.05.011 S84 digital investigation 5 (2008) S83–S90 2. Related work Existing forensic tools with explicit support for Mac OS X are few, and typically focus on low-level file system forensics. Guidance Software’s EnCase, AccessData’s FTK, and some versions of the open source Sleuth Kit can read Apple HFSþ- formatted disk images; EnCase can also perform a limited snapshot of live OS X machines. BlackBag’s Mac Forensics Software and subrosasoft’s MacForensicsLab also focus on file-based data recovery and extraction of files of evidentiary value (BlackBag Technologies Inc.; Subrosasoft’s MacForensic- sLab). Cyber Security Technologies’s live forensic tool, OnLi- neDFS, supports Mac OS X but does not take advantage of Fig. 1 – Analysis of a dual-boot Mac OS system with Mac-specific forensic data (OnLineDFS). In addition, with OS Windows virtual machines. X’s Unix underpinnings, Unix-based tools and scripts allow an expert examiner to gather generic information about files and processes. None of the existing tools addresses dual-boot Windows/OS reproducible manner, including fully documenting the inves- X machines, made possible with Apple’s Boot Camp software, tigative process with its own audit log. It can also produce RTF, nor do they handle the increasingly popular Windows/Linux PDF, or HTML formatted reports of the data gathered, along virtual machines under OS X on Intel, such as Parallels and with investigators’ notes. VMware Fusion. Further, no existing tool addresses the new, The initial ‘‘triage’’ mode in MEGA allows an investigator to forensically critical data available in OS X: Spotlight searches quickly assess the operating system(s) installed on a Mac OS X and caches, Safari web browser information, encrypted home disk image or machine – both bootable partitions and virtual ma- directories, iPods associated with a machine, and so on. chine images within the file systems. This information allows Recent research, such as that of Kubasiak (2007, 2008) and the forensic examiner to quickly pinpoint the disk partitions MAC OS, has explored the forensic implications of data writ- most likely of interest and to apply operating system-specific ten by the Mac OS X operating system and common applica- tools to those partitions. Fig. 2 shows an example of the triage re- tions. Much more data of forensic relevance is documented sults for a machine with two Windows virtual machines. in reference materials by Apple Computer Inc. (2006) and Once triage is complete, MEGA employs command-line Singh (2006). Recent work has also shown that dictionary at- analysis tools on files automatically extracted from the disk tacks are effective in decrypting user directories encrypted image, then presents the results graphically. MEGA is with Apple’s FileVault feature (Appelbaum and Weinmann, designed to be extensible, allowing new analysis tools to be 2006). Finally, the limited existing research on iPod forensics created and added dynamically (e.g., to extract ‘‘recent indicates that details of the machine ‘‘associated’’ with an addresses’’ from a new type of e-mail client). iPod are maintained on the iPod itself, in addition to any ad- Machine-wide, MEGA can make use of Spotlight indexes dress book entries or calendar items automatically synced written by the operating system; this feature is described in by iTunes (Marsico and Rogers, 2005; Slay and Przibilla, Section 4. MEGA can also detect and analyze user home 2007). This data could prove a vital link between a music directories encrypted using the Mac OS X FileVault feature, player found on the scene and a computer used at home. as will be discussed in Section 5. 3. Approach 4. Spotlight file metadata MEGA extracts and analyzes OS X-specific forensic informa- Spotlight is the metadata indexing system introduced in Mac tion from a seized disk image, as shown in Fig. 1. (MEGA could OS X 10.4. At the highest level, Spotlight is responsible for ac- also operate in a ‘‘live’’ forensics setting – executing directly quiring, storing, indexing, and performing searches on file on the running machine to be analyzed – but our initial atten- metadata (Apple Computer Inc., 2007a). By default, the Spot- tion is on after-the-fact analysis.) With a focus on interpreting light indexer runs continuously in the background, tracking and analyzing files written by the operating system and com- modified files and updating the metadata index in real-time. mon OS X applications, MEGA will provide insight into user ac- For investigators, Spotlight metadata should be treated as tivities that is not possible – or is substantially more tedious to advisory only, used in conjunction with other search technol- obtain – with low-level disk image tools. ogies; the absence of a file from the Spotlight index is not ex- MEGA uses the open source Sleuth Kit tools to extract par- culpatory evidence. Yet the Spotlight index is invaluable in tition information and files, allowing MEGA to read dd (raw), speeding searches for files based on sophisticated content or EnCase, and FTK format disk images (Carrier). Most of MEGA’s metadata criteria. extraction and analysis work is performed by executing com- Spotlight encapsulates two other capabilities: searching for mand-line tools – both The Sleuth Kit and our own custom files based on file system metadata, such as filename, size, and tools. MEGA performs its tasks in a forensically sound, modification date; and indexing and searching the content of digital investigation 5 (2008) S83–S90 S85 Fig. 2 – Example of MEGA triage results with a single-boot machine containing two virtual machines. text-based files, a feature formerly available through Search file content formats by default, including Microsoft Word files, Kit in OS X 10.3. The behavior of these two capabilities differs Apple Pages and Keynote documents, common image for- slightly from the behavior of other Spotlight metadata, despite mats, and e-mail mailbox files from a number of client pro- being integrated into Spotlight. grams. Other file types can be supported for forensic When a file is created or modified, it is processed by the ap- analysis if the database is rebuilt, as will be discussed in propriate metadata importer, which generates metadata from Section 4.2.1.) the file.
Load more

Recommended publications
  • Designing PCI Cards and Drivers for Power Macintosh Computers
    Designing PCI Cards and Drivers for Power Macintosh Computers Revised Edition Revised 3/26/99 Technical Publications © Apple Computer, Inc. 1999 Apple Computer, Inc. Adobe, Acrobat, and PostScript are Even though Apple has reviewed this © 1995, 1996 , 1999 Apple Computer, trademarks of Adobe Systems manual, APPLE MAKES NO Inc. All rights reserved. Incorporated or its subsidiaries and WARRANTY OR REPRESENTATION, EITHER EXPRESS OR IMPLIED, WITH No part of this publication may be may be registered in certain RESPECT TO THIS MANUAL, ITS reproduced, stored in a retrieval jurisdictions. QUALITY, ACCURACY, system, or transmitted, in any form America Online is a service mark of MERCHANTABILITY, OR FITNESS or by any means, mechanical, Quantum Computer Services, Inc. FOR A PARTICULAR PURPOSE. AS A electronic, photocopying, recording, Code Warrior is a trademark of RESULT, THIS MANUAL IS SOLD “AS or otherwise, without prior written Metrowerks. IS,” AND YOU, THE PURCHASER, ARE permission of Apple Computer, Inc., CompuServe is a registered ASSUMING THE ENTIRE RISK AS TO except to make a backup copy of any trademark of CompuServe, Inc. ITS QUALITY AND ACCURACY. documentation provided on Ethernet is a registered trademark of CD-ROM. IN NO EVENT WILL APPLE BE LIABLE Xerox Corporation. The Apple logo is a trademark of FOR DIRECT, INDIRECT, SPECIAL, FrameMaker is a registered Apple Computer, Inc. INCIDENTAL, OR CONSEQUENTIAL trademark of Frame Technology Use of the “keyboard” Apple logo DAMAGES RESULTING FROM ANY Corporation. (Option-Shift-K) for commercial DEFECT OR INACCURACY IN THIS purposes without the prior written Helvetica and Palatino are registered MANUAL, even if advised of the consent of Apple may constitute trademarks of Linotype-Hell AG possibility of such damages.
    [Show full text]
  • Tellstory a Medialogy Project About Storytelling in Handheld Games
    TellStory A Medialogy project about storytelling in handheld games Medialogy - 10th semester Project period: 01-02-2010 to 16-06-2010 Supervisors: Tony Brooks & Kristoffer Jensen Student: David Lindholm Abstract This paper describes a project made to explore storytelling in a game on a hand-held platform. The application used in the test is a small game-like iPhone app, implemented using the iPhone SDK 3.2 and various other tools. The application tells two stories using two different storytelling tools: Non-player character (NPC) dialogue and pure text. To evaluate the impact of having a character there to tell the story versus just reading a screen of text, a small group of people were tested and interviewed. The results give some insight into what factors influence storytelling in a hand-held game, as well as the understanding of the story and storytelling preferences. ------------------------------ David Lindholm David Lindholm 2 of 55 Reader's manual The report is numbered with Arabic numerals, and the appendix is numbered using Roman numerals. When referencing other sections, both the section and page numbers will be listed. All figures and tables are numbered incrementally using Arabic numerals. When reading this report, any mentions of previous or earlier projects are to be understood as previous projects and project groups I have been involved in. Acknowledgements Parts of the test application relies on graphics that were reused from previous projects. Additionally, as there is a small amount of overlap between this project and previous works, parts of this report contain content also used in earlier reports. For those reasons, I would like to thank my former associates Razvan Enescu, Qiong Jia, and Nicolaj Hansen, for allowing me to continue the work that we started together.
    [Show full text]
  • The Apple Macintosh Computer
    The Apple Macintosh Computer Mouse-window-desktop technology arrives for under $2500 by Gregg Williams Apple established itself as one of strengthened that reputation with a The Macintosh arrives, finally, after the leading innovators in personal new machine, the Macintosh (above). a history of colorful rumors. It will computing technology a year ago by In terms of technological sophistica- cost from $1995 to $2495, weighs 22.7 introducing the Lisa, a synthesis and tion and probable effect on the mar- pounds, and improves on the mouse- extension of human-interface tech- ketplace, the Macintosh will outdis- window-desktop technology started nology that has since been widely tance the Lisa as much as the Lisa by the impressive but expensive Lisa imitated. Now the company has has outdistanced its predecessors. computer. A system with printer and 30 February 1984 C BYTE Publications Inc. second disk drive costs about $900 corner are selections for the current commercial product: the graphics/ more, but even at that price, the line width. By selecting the "open mouse orientation, the desktop meta- Macintosh is worth waiting for. oval" tool and the thickest line width, phor, the data-as-concrete-object we can draw empty ovals with thick metaphor, and the shared user inter- The Macintosh at Work borders (figure 1d). By selecting the face between programs. The Mac has Before we look at the Macintosh (or "paint bucket" tool and the "diagonal inherited these concepts; for further Mac) in more detail, lets look at how bricks" pattern, we can fill the oval details on them, see my article, "The it works.
    [Show full text]
  • By Michael L. Black Dissertation
    TRANSPARENT CULTURES: IMAGINED USERS AND THE POLITICS OF SOFTWARE DESIGN (1975-2012) BY MICHAEL L. BLACK DISSERTATION Submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy in English in the Graduate College of the University of Illinois at Urbana-Champaign, 2014 Urbana, Illinois Doctoral Committee: Professor Robert Markley, Chair Associate Professor Ted Underwood Associate Professor Melissa Littlefield Associate Professor Spencer Schaffner Associate Professor John T. Newcomb ii Abstract The rapid pace of software’s development poses serious challenges for any cultural history of computing. While digital media studies often sidestep historicism, this project asserts that computing’s messy, and often hidden, history can be studied using digital tools built to adapt text-mining strategies to the textuality of source code. My project examines the emergence of personal computing, a platform underlying much of digital media studies but that itself has received little attention outside of corporate histories. Using an archive of technical papers, professional journals, popular magazines, and science fiction, I trace the origin of design strategies that led to a largely instrumentalist view of personal computing and elevated “transparent design” to a privileged status. I then apply text-mining tools that I built with this historical context in mind to study source code critically, including those features of applications hidden by transparent design strategies. This project’s first three chapters examine how and why strategies of information hiding shaped consumer software design from the 1980s on. In Chapter 1, I analyze technical literature from the 1970s and 80s to show how cognitive psychologists and computer engineers developed an ideal of transparency that discouraged users from accessing information structures underlying personal computers.
    [Show full text]
  • Enhanced Power Macintosh Computers
    Developer Note Enhanced Power Macintosh Computers Power Macintosh 6100/66 Power Macintosh 7100/80 Power Macintosh 8100/100 Power Macintosh 8100/110 Developer Note Developer Press © Apple Computer, Inc. 1994 Apple Computer, Inc. Motorola is a registered trademark of LIMITED WARRANTY ON MEDIA AND © 1994 Apple Computer, Inc. Motorola Corporation. REPLACEMENT All rights reserved. NuBus is a trademark of If you discover physical defects in the No part of this publication may be Texas Instruments. manual or in the media on which a software reproduced, stored in a retrieval PowerPC is a trademark of product is distributed, APDA will replace system, or transmitted, in any form or International Business Machines the media or manual at no charge to you by any means, mechanical, electronic, Corporation, used under license provided you return the item to be replaced photocopying, recording, or otherwise, therefrom. with proof of purchase to APDA. without prior written permission of ™ SoftWindows —Windows is a ALL IMPLIED WARRANTIES ON THIS Apple Computer, Inc. Printed in the trademark of Microsoft Corporation MANUAL, INCLUDING IMPLIED United States of America. and SoftWindows is a trademark used WARRANTIES OF MERCHANTABILITY The Apple logo is a trademark of under license by Insignia Solutions, AND FITNESS FOR A PARTICULAR Apple Computer, Inc. Inc., from Microsoft Corporation. PURPOSE, ARE LIMITED IN DURATION Use of the “keyboard” Apple logo Simultaneously published in the United TO NINETY (90) DAYS FROM THE DATE (Option-Shift-K) for commercial States and Canada. OF THE ORIGINAL RETAIL PURCHASE purposes without the prior written OF THIS PRODUCT. consent of Apple may constitute trademark infringement and unfair Even though Apple has reviewed this competition in violation of federal and manual, APPLE MAKES NO WARRANTY state laws.
    [Show full text]
  • Introduction to Sound on the Macintosh 1
    CHAPTER 1 Introduction to Sound on the Macintosh 1 This chapter provides an introduction to managing sound on Macintosh computers. It’s intended to help you quickly get started integrating sound into your application. This 1 chapter introduces the concepts described in detail throughout the rest of this book and Introduction to Sound on the Macintosh provides source code examples that show you how to use the most basic sound-related capabilities of Macintosh computers. These examples use the Sound Manager to play sounds, the Sound Input Manager to record sounds, and the Speech Manager to convert text strings into spoken words. Even if your application is not specifically concerned with creating or playing sounds, you can often improve your application at very little programming expense by using these system software services to integrate sound or speech into its user interface. For example, you might use the techniques described in this chapter to ■ play a sound to alert the user that a lengthy spreadsheet calculation is completed ■ provide voice annotations for a word-processing document ■ read aloud the text string that is displayed in a dialog box If you want to use sound in these simple ways, this chapter will probably provide all the information you need. The Sound Manager, Sound Input Manager, and Speech Manager provide high-level routines that make it very easy to play or record sounds without knowing very much about how sounds are stored or produced electronically. If, on the other hand, you are writing an application that is primarily concerned with sound, you should read this chapter and some of the remaining chapters in this book.
    [Show full text]
  • Creating a Universal Mac OS X 10.4 Baseload
    Building a Universal Mac OS X 10.4 System with Radmind Andrew Mortensen University of Michigan [email protected] Abstract: By splitting Mac OS X 10.4 into PowerPC and Intel versions and delaying a Universal system until Mac OS X 10.5, Apple has complicated the adoption of Intel Macs in enterprise environments. Without a Universal Mac OS X 10.4, enterprise administrators must effectively double their responsibilities and maintain two operating systems. Using Radmind, a collection of open-source system management tools, administrators can create and maintain a single Universal Mac OS X 10.4 image that will boot and run on all supported PowerPC and Intel hardware. With the release of Intel Macintosh computers, Apple1 has again taken the difficult step of moving to an entirely new architecture. To ease the transition, Apple has provided developers with the tools to create “Universal” binaries that can be loaded and executed by either PowerPC or Intel hardware, the goal being a platform agnosticism that should, ideally, hide the differences between architectures from the average user. In most cases, this means developers must update applications or force users to run their software in Apple’s PPC emulation layer, Rosetta, and deal with performance hits accordingly. Nevertheless, whether they’re running applications in emulation or natively, most home users will find the transition little more than the effort required to set up a new computer and load it with their personal information. The same is not true for enterprise Mac OS X deployments. Most enterprise deployments rely on templates, images and loadsets to manage computers, built from a local configuration of the operating system.
    [Show full text]
  • Handy Brochure
    Technology Meetings and Changes Membership Regular Monthly Meetings Meetings are open and are held on the second Tuesday of each month on the Princeton Theological Seminary Campus. Look on www.pmug-nj.org for changes in meeting locations. Socializing and the Q&A groups begin at 6:15 p.m., the business meeting and program begin at 7:30. Be it Macs, iPods, iPhone, iPads or other Apple related technology we have it covered! Additional Support and Help The Intermediate/Advanced Group meets at 6:15 Regardless of your level of knowledge it is hard to keep before the general meeting as a concentrated Q&A up with the constant change. A user group offers that period for intermediate to advanced users. Our opportunity. Beginners Group also meets at 6:15 and provides The membership of the Princeton Macintosh Users a more intimate forum for new users. As you meet The Group is large, mostly non-university, and includes Apple your fellow members, you will find others with similar users of all levels. interests and those with expertise who can help or suggest avenues towards solutions. Princeton We are big enough to draw high-tech multimedia professionals from the private sector for presentations Membership and to be sought out by top software vendors. We’re The Princeton Macintosh Users’ Group is a volunteer Macintosh also flexible enough to be valuable to beginner and organization open to all, whether or not affiliated with intermediate Apple users. Princeton University. All current and potential Apple Users Group Knowledge is a two-way street, and PMUG also offers the users are welcome to join.
    [Show full text]
  • Mac Operating System 7.1 Introduction Mac OS Is a Series
    Page 1 of 6 Mac Operating System 7.1 Introduction Mac OS is a series of graphical user interface-based operating systems developed by Apple Inc. for their Macintosh line of computer systems. The original operating system was first introduced in 1984 as being integral to the original Macintosh, and referred to as the "System". Referred to by its major revision starting with "System 6 and "System 7", Apple rebranded version 7.6 as "Mac OS" as part of their Macintosh clone program in 1996. The Macintosh, specifically its system software, is credited with having popularized the early graphical user interface concept. Macintosh operating systems have been released in two major series. Up to major revision 9, from 1984 to 2000, it is historically known as Classic Mac OS. Major revision 10, from 2001 to present, is branded OS X (originally referred to as Mac OS X). Major revisions to the Macintosh OS are now issued as point revisions, such that, for example, 10.2 is substantially different from 10.5. Both series share a general interface design, and there has been some overlap with shared application frameworks and virtual machine technology for compatibility; but the two series also have deeply different architectures OS X, introduced as Mac OS X in 2001 and renamed OS X in 2012, is the latest version of Apple's operating system. Although it is officially designated as simply "version 10" of the Mac OS, it has a history largely independent of the earlier Mac OS releases. The operating system is the successor to Mac OS 9 and the "classic" Mac OS.
    [Show full text]
  • Apple Inc. (AAPL) Resuming Coverage with CL-Buy: Platform Opportunity
    December 12, 2010 ACTION Buy Apple Inc. (AAPL) Return Potential: 34% Equity Research Resuming coverage with CL-Buy: platform opportunity still nascent Source of opportunity Investment Profile We are resuming coverage of Apple with a Buy rating and 12-month target Low High price of $430 and placing it on our Americas Conviction List. We believe Growth Growth Apple’s platform-centric business model is the secret sauce that has Returns * Returns * Multiple Multiple enabled it to quickly capture market share in new computing segments Volatility Volatility while simultaneously enjoying considerable margin leverage. Percentile 20th 40th 60th 80th 100th Furthermore, we believe significant growth and profit opportunities for Apple Inc. (AAPL) this platform still lie ahead. As a result, we expect revenue and earnings Americas Technology Peer Group Average * Returns = Return on Capital For a complete description of the expectations to continue to trend upward, and we view the shares as investment profile measures please refer to attractive at current levels. the disclosure section of this document. Catalyst Key data Current Price ($) 320.56 Apple’s recent gross margin trends and guidance have caused some 12 month price target ($) 430.00 concerns among the investing community. Our analysis of Apple’s Market cap ($ mn) 293,623.4 platform history not only suggests that this gross margin erosion is 9/10 9/11E 9/12E 9/13E normal, but also that we have probably already seen the worst of it. Revenue ($ mn) New 65,225.1 91,807.0 110,772.6 122,389.7 Indeed, we believe Apple’s margins have already bottomed, and we expect Revenue ($ mn) Old-------- EPS ($) New 15.15 19.86 24.91 28.29 the company to resume its leverage-driven upside in coming quarters.
    [Show full text]
  • Imac 20" Early 2006
    Service Source iMac (Early 2006 20-inch) © 2006 Apple Computer, Inc. All rights reserved. iMac (Early 2006 20-inch) Contents What’s New 4 iMac (Early 2006) 4 Take Apart General Information 6 Product View 6 Identifying the iMac (Early 2006 20-inch) Computer 6 What’s New 7 Tools Required 9 Orientation 10 Serial Number Location 10 Safety 11 Opening the Computer 12 EMI Shielding 12 Access Door 13 Memory 15 Front Bezel 18 Camera Board 26 Lower EMI Shield 32 IR Board 35 LCD Display Panel 40 Speakers 48 AirPort Extreme Card 54 Bluetooth Card 57 Optical Drive 60 Hard Drive 67 Power Supply, AC/DC 74 ii Logic Board 80 AC Line Filter 91 Fan, Hard Drive 95 Fan, Optical Drive 99 Fan, CPU 102 Power Supply, DC/DC, Inverter 105 Ambient Light Sensor Board 108 Cable, Camera and IR 111 Bluetooth Antenna 114 AirPort Antenna 118 Clutch Mechanism 122 Chassis 126 Rear Housing 129 Stand 132 Troubleshooting General Information 137 Serial Number Location 137 Power On Self Test (POST) 137 DDR Memory 138 Symptom Charts 139 How to Use the Symptom Charts 139 Power Issues 140 No Video 142 Display 144 Hard Drive 145 Optical Drive 147 Fan Sound 152 AirPort/ 155 IR Remote 156 IR Sensor/Receiver 157 Built-in iSight Camera 158 Speakers 160 Mouse 161 iii What’s New iMac (Early 2006) Refer to the new procedures in the Take Apart and Troubleshooting chapters. Logic board • Intel Core Processor 1.83 and 2.0 GHz • No troubleshooting LEDs • Battery is located on the top side of the logic board AirPort Extreme and Bluetooth • Separate antennas • Separate parts: AirPort Extreme and Bluetooth boards Memory • SO-DIMM DDR2 667 MHz, memory slot • Memory ejector levers are visibly different from the iMac G5 (iSight) models and should be used as shown in the Take Apart section.
    [Show full text]
  • Todd Mcdaniel, Mac Group, Marriott Library
    What’s New? Todd McDaniel, Mac Group, Marriott Library June, 2018 WWDC 2018 ✤ Nothing earth shaking ✤ No hardware announcements macOS 10.14 Mojave ✤ Dark Mode ✤ APFS support for Fusion and rotational drives ✤ Group FaceTime (up to 32 paticipants!) ✤ Finder Stacks ✤ Security and privacy enhancements, additional Safari anti-tracking tools ✤ Final MacOS support for 32-bits apps ✤ and… “Marizpan” in 2019?!? ✤ Bringing iOS apps to macOS ✤ Mojave will include several ported apps, including News, Stocks and Home ✤ Flag in Xcode plus “some additional work” iOS 12 ✤ Runs on anything that runs iOS 11 ✤ Better performance and security (more on that in a bit…), improved 911 location sharing ✤ Memoji ✤ Screen Time ✤ ARKit 2 ✤ Siri shortcuts (Automator comes to iOS?) ✤ Grouped notifications (sorted by service) ✤ Group FaceTime watchOS 5 ✤ Walkie Talkie (active in beta 2) ✤ Grouped notifications ✤ Student ID cards ✤ Improved workout detection ✤ Will not support the original Apple Watch tvOS 12 ✤ Dolby Atmos (active in beta 2, but limited content for testing) ✤ Zero sign-on ✤ New Aerials https://github.com/JohnCoates/Aerial Other news ✤ Apple bans crypto mining apps from Mac/App Stores https://appleinsider.com/articles/18/06/11/apple-bans-cryptocurrency-mining-on-the-iphone-and-ipad ✤ macOS code signing bypass https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/ ✤ How one Apple programmer got apps talking to each other https://www.wired.com/story/soghoian-automation ✤ USB Restricted Mode in iOS 12 https://motherboard.vice.com/en_us/article/zm8ya4/apple-iphone-usb-restricted-mode-cellebrite-grayshift ✤ Quicklook leaking secured data https://wojciechregula.blog/your-encrypted-photos-in-macos-cache/ https://objective-see.com/blog/blog_0x30.html QR Code Vulnerability in macOS/iOS ✤ https://infosec.rm-it.de/ 2018/03/24/ios-camera-qr-code- url-parser-bug/ ✤ Easy to mislead users with deceptive link info ✤ Took Apple 4 months to fix… A month after responsible disclosure.
    [Show full text]