Forensics

Recently I went looking for some reference content on ZIP files and how timestamps behave in a ZIP, along with what I could determine about files within a ZIP. Sadly I came up empty, either due to there being very little available online, or just my impatience. So I thought I'd spend some time writing up some research I did for the next person who is looking for reference content. Essentially, I wanted to know how timestamps behave when it comes to ZIP files: do any timestamps stay the same, and what timestamps are lost when you archive a…

The following process walks through how to mount an Apple Disk Image, more commonly known as a .dmg file. This process walks through mounting the HFS section of a .dmg file on a Linux system to allow the extraction of files for further analysis.

Step 1 - Checking The File Type

To begin with, I usually check what type of .dmg file it is with the "file" command. This is done to understand if it is a compressed or uncompressed .dmg file.

$ file application.dmg

The output you can typically expect is: application.dmg: data which…