Difference between pages "Acquiring a MacOS System with Target Disk Mode" and "Biometrics Bibliography"

From Forensics Wiki
(Difference between pages)
 
 
Line 1: Line 1:
Make sure to [[Disabling_Macintosh_Disk_Arbitration_Daemon|disable the disk arbitration daemon]] on the machine where you will do the acquisition. Alternatively use a FireWire [[Write Blockers|write blocker]]
+
<bibtex>
 +
@inproceedings{642639,
 +
author = {Lynne Coventry and Antonella De Angeli and Graham Johnson},
 +
title = {Usability and biometric verification at the ATM interface},
 +
booktitle = {CHI '03: Proceedings of the SIGCHI conference on Human factors in computing systems},
 +
year = {2003},
 +
isbn = {1-58113-630-7},
 +
pages = {153--160},
 +
location = {Ft. Lauderdale, Florida, USA},
 +
doi = {http://doi.acm.org/10.1145/642611.642639},
 +
publisher = {ACM Press},
 +
address = {New York, NY, USA},
 +
url="http://portal.acm.org/citation.cfm?id=642611.642639",
 +
abstract="This paper describes some of the consumer-driven usability research conducted by NCR Self Service Strategic Solutions in the development of an understanding of usability and user acceptance of leading-edge biometrics verification techniques. We discuss biometric techniques in general and focus upon the usability phases and issues, associated with iris verification technology at the Automated Teller Machine (ATM) user interface. The paper concludes with a review of some of the major research issues encountered, and an outline of future work in the area."
 +
}
 +
</bibtex>
  
Prepare a clean firewire drive format is as [[HFS+]] using Mac Disk Utility; name the volume “Target”. This process relies on being able to identify which drive is the suspect's drive by knowing its size. Many new Macs are shipping with 250GB drives. Having a unique firewire target drive size will help you identify it later, as you will see below.
+
<bibtex>
 +
@article{1221459,
 +
author = "Doroteo T. Toledano and Rub\'{e}n Fern\'{a}ndez Pozo and \'{A}lvaro Hern\'{a}ndez Trapote and Luis Hern\'{a}ndez G\'{o}mez",
 +
title = {Usability evaluation of multi-modal biometric verification systems},
 +
journal = {Interact. Comput.},
 +
volume = {18},
 +
number = {5},
 +
year = {2006},
 +
issn = {0953-5438},
 +
pages = {1101--1122},
 +
doi = {http://dx.doi.org/10.1016/j.intcom.2006.01.004},
 +
publisher = {Elsevier Science Inc.},
 +
address = {New York, NY, USA},
 +
}
 +
</bibtex>
  
Note the sizes of all drives on your forensic Mac, if you don't already know. To find out:
+
<bibtex>
<pre>
+
@article{1272062,
Go to the Apple menu > About This Mac > More info > ATA.
+
author = {M. Angela Sasse},
</pre>
+
title = {Red-Eye Blink, Bendy Shuffle, and the Yuck Factor: A User Experience of Biometric Airport Systems},
 +
journal = {IEEE Security and Privacy},
 +
volume = {5},
 +
number = {3},
 +
year = {2007},
 +
issn = {1540-7993},
 +
pages = {78--81},
 +
doi = {http://dx.doi.org/10.1109/MSP.2007.69},
 +
publisher = {IEEE Educational Activities Department},
 +
address = {Piscataway, NJ, USA},
 +
abstract = {The author examines user interaction with biometric systems at airports, and emphasizes usability's importance in successfully operating biometric systems.}
 +
}
  
== Connecting the suspect drive ==
+
</bibtex>
1. Without turning anything on, connect the forensic Mac to the suspect’s computer using a firewire cable.
+
  
2. Hold down the “Option” key on the suspect’s computer and turn it on.
+
<bibtex>
 +
@article{wwk001,
 +
author = {Adams Wai-Kin Konga, David Zhanga and Guangming Luc  },
 +
title = {A study of identical twins’ palmprints for personal verification},
 +
journal = {Pattern Recognition},
 +
volume = {39},
 +
number = {11},
 +
year = {2006},
 +
pages = {2149--2156},
 +
doi = {http://dx.doi.org/10.1016/j.physletb.2003.10.071},
 +
publisher = {Elsevier B.V},
 +
 +
abstract = {Automatic biometric systems based on human characteristics for personal identification have attracted great attention. Their performance highly depends on the distinctive information in the biometrics. Identical twins having the closest genetics-based relationship are expected to have maximum similarity in their biometrics. Classifying identical twins is a challenging problem for some automatic biometric systems. Palmprint has been studied for personal identification for over seven years. Most of the previous research concentrates on algorithm development. In this paper, we systemically examine palmprints from the same DNA for automatic personal identification and to uncover the genetically related palmprint features. The experimental results show that the three principal lines and some portions of weak lines are genetically related features but our palms still contain rich genetically unrelated features for classifying identical twins.}
 +
}
  
3. If the suspect’s computer '''does not''' ask for a password, then '''turn it off'''. If the computer '''does''' ask for a password, then '''turn it off'''. You cannot do a simple TDM acquisition if a password is required. You will have to either:
+
</bibtex>
  
a. remove the drive and do a direct acquisition
+
<bibtex>
 +
@article{ganeshana001,
 +
author = {Balaji Ganeshana, Dhananjay Theckedathb, Rupert Younga and Chris Chatwina  },
 +
title = {Biometric iris recognition system using a fast and robust iris localization and alignment procedure },
 +
journal = {Optics and Lasers in Engineering },
 +
volume = {44},
 +
number = {1},
 +
month = {January},
 +
year = {2006},
 +
pages = {1--24},
 +
doi = {http://dx.doi.org/10.1016/j.optlaseng.2005.03.010 },
 +
publisher = {Elsevier B.V},
 +
 +
abstract = {Iris recognition as a biometric technique for personal identification and verification is examined. The motivation for this stems from the observation that the human iris provides a unique structure suitable for non-invasive biometric assessment. In particular the irises are as distinct as fingerprints or patterns of retinal blood vessels and the appearance of the iris is amenable to remote examination. In this paper we have used a database of iris images of more than 100 people, which was used in the implementation of the iris recognition software. The software developed uses a novel technique of localization, alignment, pattern matching of the irises and finally the decision regarding the degree of match. }
 +
}
  
b. modify the memory by adding or removing chips and zapping the PRAM.
+
</bibtex>
  
<pre>
+
<bibtex>
To zap the PRAM, start up the computer and as soon as you hear the startup 'bong', hold down these four keys:
+
@article{ross001,
Command-Option-P-R.
+
author = {Arun Ross and Anil Jain },
 +
title = {Information fusion in biometrics},
 +
journal = {Pattern Recognition Letters },
 +
volume = {24},
 +
number = {13},
 +
month = {September},
 +
year = {2003},
 +
pages = {2115--2125},
 +
doi = {http://dx.doi.org/10.1016/S0167-8655(03)00079-5  },
 +
publisher = {Elsevier B.V},
 +
 +
abstract = {Reliable and accurate verification of people is extremely important in a number of business transactions as well as access to privileged information. Automatic verification methods based on physical biometric characteristics such as fingerprint or iris can provide positive verification with a very high accuracy. However, the biometrics-based methods assume that the physical characteristics of an individual (as captured by a sensor) used for verification are sufficiently unique to distinguish one person from another. Identical twins have the closest genetics-based relationship and, therefore, the maximum similarity between fingerprints is expected to be found among identical twins. We show that a state-of-the-art automatic fingerprint verification system can successfully distinguish identical twins though with a slightly lower accuracy than nontwins. }
 +
}
  
It will bong again, and again. Continue to hold down these four keys until it has 'bonged' a total of three times
+
</bibtex>
(the initial startup bong and two more after you hold down those four keys).
+
</pre>
+
  
4. Assuming that no password was needed, hold down the “T” key and turn the suspect’s computer back on. The computer will eventually display the firewire logo on the screen and is then ready for TDM.
+
<bibtex>
 +
@article{sou001,
 +
author = {Colin Soutar },
 +
title = {Implementation of Biometric Systems — Security and Privacy Considerations },
 +
journal = {Information Security Technical Report},
 +
volume = {7},
 +
number = {4},
 +
month = {December},
 +
year = {2002},
 +
pages = {49--55},
 +
doi = {http://dx.doi.org/10.1016/S1363-4127(02)00406-5  },
 +
publisher = {Elsevier Science Ltd},
 +
 +
abstract = {As biometric systems are deployed within security systems, or as part of identification programs, implementation issues relating to security and privacy need to be considered. The role of a biometric system is to recognize (or not) an individual through specific physiological or behavioral traits. The use of the word ‘recognize’ is significant — defined in the Oxford Dictionary as “identify as already known”. In other words, a biometric system does not establish the identity of an individual in any way, it merely recognizes that they are who they say they are (in a verification or a ‘positive identification’ system), or that they were not previously known to the system (in a ‘negative identification’ system, for example, to avoid double enrollment in a welfare system). This tie between the actual identity of an individual and the use of biometrics is subtle and provokes much debate, particularly relating to privacy and other societal issues. This paper seeks to clarify come of these issues by providing a framework, and by distinguishing between technology and societal issues. }
 +
}
  
== Acquiring the suspect drive ==
+
</bibtex>
  
1. Turn on the acquiring Mac (with the disk arbitration daemon disabled)
+
<bibtex>
2. Start the Terminal. And at the command prompt run:
+
@article{jain001,
<pre>
+
author = {Anil K. Jain, Salil Prabhakar,and Sharath Pankanti},
cd /dev
+
title = {On the similarity of identical twin fingerprints },
ls disk?
+
journal = {Pattern Recognition },
</pre>
+
volume = {35},
 +
number = {11},
 +
month = {November},
 +
year = {2002},
 +
pages = {2653--2663},
 +
doi = {http://dx.doi.org/10.1016/S0031-3203(01)00218-7 },
 +
publisher = {Elsevier B.V.},
 +
 +
abstract = {Reliable and accurate verification of people is extremely important in a number of business transactions as well as access to privileged information. Automatic verification methods based on physical biometric characteristics such as fingerprint or iris can provide positive verification with a very high accuracy. However, the biometrics-based methods assume that the physical characteristics of an individual (as captured by a sensor) used for verification are sufficiently unique to distinguish one person from another. Identical twins have the closest genetics-based relationship and, therefore, the maximum similarity between fingerprints is expected to be found among identical twins. We show that a state-of-the-art automatic fingerprint verification system can successfully distinguish identical twins though with a slightly lower accuracy than nontwins.  }
 +
}
  
This will list all drives that are seen by the system. A list containing at least three drives will appear:
+
</bibtex>
* disk0
+
* disk1
+
* disk2
+
  
One of these drives is the suspect’s. The other two are either the forensic Mac’s OS or the '''Target''' drive. You won’t necessarily know which is which, so you need to query them to see their size, which will give you a hint.  
+
<bibtex>
 +
@article{doro01,
 +
author = {Doroteo T. Toledano, Rubén Fernández Pozo, Álvaro Hernández Trapote and Luis Hernández Gómez},
 +
title = {Usability evaluation of multi-modal biometric verification systems },
 +
journal = {Interacting with Computers },
 +
volume = {18},
 +
number = {5},
 +
month = {September},
 +
year = {2006},
 +
pages = {1101--1122},
 +
doi = {http://dx.doi.org/10.1016/j.intcom.2006.01.004 },
 +
publisher = {Elsevier B.V.},
 +
 +
abstract = {As a result of the evolution in the field of biometrics, a new breed of techniques and methods for user identity recognition and verification has appeared based on the recognition and verification of several biometric features considered unique to each individual. Signature and voice characteristics, facial features, and iris and fingerprint patterns have all been used to identify a person or just to verify that the person is who he/she claims to be. Although still relatively new, these new technologies have already reached a level of development that allows its commercialization. However, there is a lack of studies devoted to the evaluation of these technologies from a user-centered perspective. This paper is intended to promote user-centered design and evaluation of biometric technologies. Towards this end, we have developed a platform to perform empirical evaluations of commercial biometric identity verification systems, including fingerprint, voice and signature verification. In this article, we present an initial empirical study in which we evaluate, compare and try to get insights into the factors that are crucial for the usability of these systems.   }
 +
}
  
3. Tho probe a drive, e.g. '''/dev/disk1''' you can use '''pdisk''':
+
</bibtex>
<pre>
+
sudo pdisk /dev/disk1
+
</pre>
+
  
The output of '''pdisk''' will look something like:
+
<bibtex>
 +
@article{doro01,
 +
author = {Daugman, J.  },
 +
title = {How iris recognition works},
 +
journal = {Circuits and Systems for Video Technology, IEEE Transactions on},
 +
volume = {14},
 +
number = {1},
 +
month = {January},
 +
year = {2004},
 +
pages = {21--30},
 +
doi = {http://dx.doi.org/10.1109/TCSVT.2003.818350},
 +
url = {http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=1262028},
 +
 +
abstract = {Algorithms developed by the author for recognizing persons by their iris patterns have now been tested in many field and laboratory trials, producing no false matches in several million comparison tests. The recognition principle is the failure of a test of statistical independence on iris phase structure encoded by multi-scale quadrature wavelets. The combinatorial complexity of this phase information across different persons spans about 249 degrees of freedom and generates a discrimination entropy of about 3.2 b/mm/sup 2/ over the iris, enabling real-time decisions about personal identity with extremely high confidence. The high confidence levels are important because they allow very large databases to be searched exhaustively (one-to-many "identification mode") without making false matches, despite so many chances. Biometrics that lack this property can only survive one-to-one ("verification") or few comparisons. The paper explains the iris recognition algorithms and presents results of 9.1 million comparisons among eye images from trials in Britain, the USA, Japan, and Korea. }
 +
}
  
<pre>
 
/dev/disk0 map block size=512
 
  #: type name length base ( size )
 
    1: Apple_partition_map Apple 63 @ 1
 
    2: Apple_Driver43*Macintosh 56 @ 64
 
    3: Apple_Driver43*Macintosh 56 @ 120
 
    4: Apple_Driver_ATA*Macintosh 56 @ 176
 
    5: Apple_Driver_ATA*Macintosh 56 @ 232
 
    6: Apple_FWDriver Macintosh 512 @ 288
 
    7: Apple_Driver_IOKit Macintosh 512 @ 800
 
    8: Apple_Patches Patch Partition 512 @ 1312
 
    9: Apple_HFS OS X 72600384 @ 1824 ( 34.6G)
 
    10: Apple_HFS OS 8.6 5537944 @ 72602208 ( 2.6G)
 
    11: Apple_Free 0+@ 78140152
 
</pre>
 
  
5. Partitions on an HFS are called  “slices.” You can see in bold that this drive has a 34.6G slice listed under the number 9 and a 2.6G under line 10. Add them up and your looking at a “40G” drive. If the result is the wrong size, then you are looking at the wrong drive. Repeat step 4 using '''disk0''' and '''disk2''' to identify all the disks.
+
</bibtex>
  
6. Lets assume that your Target volume is '''disk2''' and is a 120GB. If it is formatted as HFS, then the query in step 4 should return something like this.
+
<bibtex>
 +
@article{328110,
 +
author = {Anil Jain and Lin Hong and Sharath Pankanti},
 +
title = {Biometric identification},
 +
journal = {Commun. ACM},
 +
volume = {43},
 +
number = {2},
 +
year = {2000},
 +
issn = {0001-0782},
 +
pages = {90--98},
 +
doi = {http://doi.acm.org/10.1145/328236.328110},
 +
publisher = {ACM Press},
 +
address = {New York, NY, USA},
 +
}
  
<pre>
+
</bibtex>
/dev/disk2 map block size=512
+
  #: type name length base ( size )
+
    1: Apple_partition_map Apple 63 @ 1
+
    2: Apple_Free 0+@ 64
+
    3: Apple_HFS Apple_HFS_Untitled_2 239859504 @ 262208 (114.4G)
+
    4: Apple_Free 0+@ 240121712
+
</pre>
+
  
Notice that slice '''3''' is 114.4 GB in size. Slice 3 is the “working area” on this 120G drive and is the slice that you will make available for receiving your evidence, using the mount command shown in green in line 8 below.
 
  
7. Once you confirm which drive is which, you are ready to go. Lets assume that your forensic drive is '''disk0''', the suspect’s drive is '''disk1''', and the Target drive is '''disk2'''.
+
=Surveys=
  
8. Because we turned off disk arbitration, however, the target drive isn't available to receive the image. We therefore need to mount the '''Target drive'''; specifically slice '''3''' of '''disk2'''.
+
Things to check:
  
 +
NIST  Face Recognition Vendor Test (FRVT) 2006 and the Iris Challenge Evaluation (ICE) 2006
  
  <table width="700" border="0" cellspacing="1" cellpadding="15">
+
<bibtex>
    <tr>
+
@report {ORC_PATUBITGPS},
      <td width="4">&nbsp;</td>
+
title = {Public Attitudes Toward the Uses of Biometric Identification Technologies by Government and the Private Sector},
      <td width="633" align="left" valign="top"><span class="Section1">Type<b> <span
+
year = {2002},
style='color:maroon'>sudo mount –t hfs /dev/</span><span style='color:blue'>disk2</span><span
+
url = {http://dematerialisedid.com/PDFs/Biometricsurveyfindings.pdf}
style='color:maroon'>s</span><span style='color:lime'>3 </span></b><span
+
</bibtex>
style='color:maroon;font-weight:normal'>/Volumes</span></span><span class="Section1" style='color:maroon'><b>/</b></span><span class="Section1"
+
style='color:blue'><b>Target</b></span><span class="Section1">.</span></td>
+
    </tr>
+
  </table>
+
  
  <table width="700" border="0" cellspacing="1" cellpadding="0">
 
    <tr class="Section12">
 
      <td width="17">&nbsp;</td>
 
      <td width="680"><div align="left">
 
        <table width="500" border="1" align="center" cellpadding="15" cellspacing="1" bordercolor="#000000">
 
            <tr>
 
              <td align="center" valign="middle" class="Section12"><p align="left">If you are still unsure about which drive is which, you can verify things because <span class="style24">Target</span>  now has a BSD name. To clear the Terminal screen, hold down the <span class="style35">command</span> key and type</p>
 
                <p align="center" class="style29"> k</p>
 
                <p align="left">Then, type </p>
 
                <p align="center" class="Section1 style29">ioreg -l</p>
 
              <p align="left">Buried in the resulting display is information about the connected drives. Go to the Terminal Menu&gt;Edit&gt;Find. Search for <span class="style30">disk1</span>. Scroll through the hits and you should see the make and model number for <span class="style34">disk1</span>. If a search for <span class="style24">disk2</span> comes up empty, then you know it is the unmounted drive. </p> </td>
 
            </tr>
 
          </table>
 
      </div></td>
 
    </tr>
 
  </table>
 
 
 
  <table width="700" border="0" cellspacing="1" cellpadding="15">
 
    <tr>
 
      <td class="Section1">At this point, you have the choice of imaging the suspect’s entire drive (recommended), or of just imaging the slice that you want. If you want to image the entire drive, type:&nbsp;&nbsp; </td>
 
    </tr>
 
  </table>
 
  <table width="700" border="0" cellspacing="1" cellpadding="15">
 
    <tr class="Section1">
 
      <td width="4"><span class="style11"></span></td>
 
      <td width="633" align="left" valign="top" class="style11"><span class="style12" style='color:maroon; page:Section1; font-family: Arial, Helvetica, sans-serif;'><b>sudo dd if=/dev/</b></span><span class="style12" style='color:red; page:Section1; font-family: Arial, Helvetica, sans-serif;'><b>disk1</b></span><span class="style10"><b> <span
 
style='color:maroon'>bs=1024 conv=notrunc,noerror,sync of=/Volumes/</span><span
 
style='color:blue'>Target/Evidence.dmg</span></b><span style='font-weight:normal'>.</span></span></td>
 
    </tr>
 
  </table>
 
  <table width="700" border="0" cellspacing="1" cellpadding="15">
 
    <tr>
 
      <td><p class="Section1">This will write a raw DD image to the root of <span style='color:blue'><b>Target</b></span> and will name the image <span style='color:blue'><b>Evidence.dmg</b>.</span></p>        <p class="Section1">If you only want to image particular slices, then add the slice to the command, i.e.</p></td>
 
    </tr>
 
  </table>
 
  
 +
<bibtex>
 +
@paper {simon001,
 +
author = {A. Simon, D. M. Worthen, and J. A. Mitas},
 +
title = {An evaluation of iridology},
 +
journal = {Journal of Ameerican Medical Assoc},
 +
volume = {242},
 +
pages = {1385--1387},
 +
year = {1979}
 +
}
  
  <table width="700" border="0" cellspacing="1" cellpadding="15">
+
</bibtex>
    <tr>
+
      <td width="4">&nbsp;</td>
+
      <td width="633" align="left" valign="top"><span class="style13" style='color:maroon'><span class="style22">sudo dd if=/dev/</span></span><span class="style15">disk1</span><span class="style17">s</span><span class="style19">9</span> <span class="style21"><b><span style='color:maroon'>bs=1024 conv=notrunc,noerror,sync of=/Volumes/</span><span
+
style='color:blue'>Target/Evidence.dmg</span></b><span style='font-weight:normal'>.</span></span></td>
+
    </tr>
+
  </table>
+
  
  
  <table width="700" border="0" cellspacing="1" cellpadding="15">
+
[[Category:Bibliographies]]
    <tr>
+
      <td><p class="Section1">A separate acquisition can be done for each slice that you want to examine by changing the slice number and giving each new image a different file name, i.e. <span style='color:blue'><b>EvidOS8.dmg</b></span>.</p>       
+
        <p class="Section1">The advantage of imaging the whole disk is that you can later bring it into Encase as a single evidence file. </p></td>
+
    </tr>
+
  </table>
+
 
+
 
+
  <table width="700" border="0" cellspacing="1" cellpadding="15">
+
    <tr class="Section1">
+
      <td width="4">&nbsp;</td>
+
      <td width="633" align="left" valign="top"><ol start=9 type=1>
+
          <li><span class="Section1">Your done. Unmount the <span class="style24">Target</span> drive by typing
+
            </span>
+
            <p class="style25">cd /Volumes</p>
+
            <p><span class="Section1" style='color:maroon'><b>sudo umount /</b></span><span class="Section1" style='color:blue'><b>Target</b></span></p>
+
          </li>
+
      </ol></td>
+
    </tr>
+
  </table>
+
  <table width="700" border="0" cellspacing="1" cellpadding="15">
+
    <tr>
+
      <td><p class="Section1">Shut down your forensic Mac and then shut down the suspect’s Mac. Disconnect the firewire connection to the suspect’s Mac.</p>       
+
      <p class="style26">Examination</p></td>
+
    </tr>
+
  </table>
+
 
+
 
+
  <table width="700" border="0" cellspacing="1" cellpadding="15">
+
    <tr class="Section1">
+
      <td width="4">&nbsp;</td>
+
      <td width="633" align="left" valign="top"><ol start=1 type=1>
+
          <li><span class="Section1">Reboot your forensic Mac and restore the <b>diskarbitrationd.plist</b><span
+
    style='font-weight:normal'> file back to the </span><b>/etc/mach-init.d</b><span
+
    style='font-weight:normal'> directory. Type </span></span>
+
            <p class="style23">cd / </p>
+
            <p><span class="Section1"
+
style='color:maroon'><b>sudo cp diskarbitrationd.plist /etc/mach_init.d</b></span><span class="Section1">. </span></p>
+
          </li>
+
      </ol></td>
+
    </tr>
+
  </table>
+
 
+
 
+
  <table width="700" border="0" cellspacing="1" cellpadding="15">
+
    <tr>
+
      <td class="Section1">Turn the  forensic Mac off and back on to initiate diskarbitration. Power up the <span style='color:blue'><b>Target</b></span> drive. The <span style='color:blue'><b>Target</b></span> drive should  mount and appear on your desktop. Open it.</td>
+
    </tr>
+
  </table>
+
  <table width="700" border="0" cellspacing="1" cellpadding="15">
+
    <tr>
+
      <td width="4">&nbsp;</td>
+
      <td width="633" align="left" valign="top"><ol start=2 type=1>
+
          <li class="Section1">The <span
+
    style='color:blue'><b>Evidence.dmg</b></span> file should appear. Click on it once. Lock the file via the “GET INFO” menu to ensure it is write protected.</li>
+
      </ol></td>
+
    </tr>
+
  </table>
+
  <table width="700" border="0" cellspacing="1" cellpadding="15">
+
    <tr>
+
      <td><p class="Section1">You can now double-click to mount the Evidence.dmg file <b>and explore it within the native Mac OS environment.</b></p>       
+
      <p class="Section1">If the image won’t mount, go into the Terminal and type the following:</p></td>
+
    </tr>
+
  </table>
+
 
+
  <table width="700" border="0" cellspacing="1" cellpadding="15">
+
    <tr>
+
      <td width="4">&nbsp;</td>
+
      <td width="633" align="left" valign="top"><span class="Section1"
+
style='color:maroon;layout-grid-mode:line'><b>sudo hdiutil attach</b></span> <span class="Section1" style='color:maroon'><b>/Volumes/</b></span><span class="Section1"
+
style='color:blue'><b>Target/Evidence.dmg</b></span><span class="Section1" style='layout-grid-mode:line'> <span style='color:maroon'><b>-shadow</b></span></span></td>
+
    </tr>
+
  </table>
+
 
+
If you want to move the evidence file over into Encase, change the .dmg extension to .001 and add it as a raw image.
+
 
+
Jon Muller, San Jose PD, (With guidance from Derrick Donnally), July-05
+
 
+
== See Also ==
+
* [[Mac OS X]]
+
 
+
[[Category:Howtos]]
+
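
Review bot: The citation key `doro01` is used for two different records in the added bibliography, first the Toledano et al. usability paper and then Daugman's "How iris recognition works", so the second record needs a key of its own; the Toledano paper is also already present as `1221459`, so one of those two records can be dropped. In the Surveys section, `@report {ORC_PATUBITGPS},` closes the brace on the key line, which leaves `title`, `year` and `url` outside the entry and the record without a closing `}` before `</bibtex>`. `@paper {simon001,` uses an entry type BibTeX does not define; `@article` fits the fields given. Several `author` fields separate names with commas instead of `and`, and some surnames carry what look like fused affiliation letters (`Konga`, `Zhanga`, `Luc`, `Ganeshana`, `Theckedathb`), so each name should be checked against the paper and joined with `and`. The `doi` in `wwk001` carries the `j.physletb` journal code although the `journal` field is Pattern Recognition, so it should be verified against the article before this is saved.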

Revision as of 20:43, 22 October 2007

Lynne Coventry, Antonella De Angeli, Graham Johnson - Usability and biometric verification at the ATM interface
CHI '03: Proceedings of the SIGCHI conference on Human factors in computing systems pp. 153--160, New York, NY, USA, 2003
http://portal.acm.org/citation.cfm?id=642611.642639

Doroteo T. Toledano, Rubén Fernández Pozo, Álvaro Hernández Trapote, Luis Hernández Gómez - Usability evaluation of multi-modal biometric verification systems
Interact. Comput. 18(5):1101--1122, New York, NY, USA, 2006

M. Angela Sasse - Red-Eye Blink, Bendy Shuffle, and the Yuck Factor: A User Experience of Biometric Airport Systems
IEEE Security and Privacy 5(3):78--81, Piscataway, NJ, USA, 2007

Adams Wai-Kin Konga, David Zhanga, Guangming Luc - A study of identical twins’ palmprints for personal verification
Pattern Recognition 39(11):2149--2156, 2006

Balaji Ganeshana, Dhananjay Theckedathb, Rupert Younga, Chris Chatwina - Biometric iris recognition system using a fast and robust iris localization and alignment procedure
Optics and Lasers in Engineering 44(1):1--24, January 2006

Arun Ross, Anil Jain - Information fusion in biometrics
Pattern Recognition Letters 24(13):2115--2125, September 2003

Colin Soutar - Implementation of Biometric Systems — Security and Privacy Considerations
Information Security Technical Report 7(4):49--55, December 2002

Anil K. Jain, Salil Prabhakar, and Sharath Pankanti - On the similarity of identical twin fingerprints
Pattern Recognition 35(11):2653--2663, November 2002

Doroteo T. Toledano, Rubén Fernández Pozo, Álvaro Hernández Trapote, Luis Hernández Gómez - Usability evaluation of multi-modal biometric verification systems
Interacting with Computers 18(5):1101--1122, September 2006

Daugman, J. - How iris recognition works
Circuits and Systems for Video Technology, IEEE Transactions on 14(1):21--30, January 2004
http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=1262028

Anil Jain, Lin Hong, Sharath Pankanti - Biometric identification
Commun. ACM 43(2):90--98, New York, NY, USA, 2000


Surveys

Things to check:

NIST Face Recognition Vendor Test (FRVT) 2006 and the Iris Challenge Evaluation (ICE) 2006

Public Attitudes Toward the Uses of Biometric Identification Technologies by Government and the Private Sector, 2002
http://dematerialisedid.com/PDFs/Biometricsurveyfindings.pdf


A. Simon, D. M. Worthen, J. A. Mitas - An evaluation of iridology, 1979