This lesson is designed to demonstrate how to use the filter feature in MacLockPick.
Insert MacLockPick into USB Port
This demo is done using Mac OS X as the base system, however the process, with slight modification applies to other operating systems as well. Insert the MacLockPick into a USB port on the computer. The device will automount as depicted above.
Select for Configuration
There are two icons mounted on the Desktop associated with MacLockPick, one named MACLOCKPICK and the other depicted above MacLockPick (OS X). Double click on the icon MacLockPick (OS X).
Locate the Setup Application
The iconic representation of the contents of the MacLockPick (OS X) icon appear above. Select the Applications - OS X folder by double clicking on it.
Launch the Setup Application
Select the MacLockPick Setup.app (depicted with the number 1 above) by double clicking on it to launch the application.
Create a Customized Plug-In
The Setup application will open providing a list of all current plug-ins. To add a plug-in, select the "+" in the lower right corner.
The Plug-in Window
Once the "+" button is selected, the Plug-in window opens.
Name the Plug-in
The Plug-in window allows the user to name the plug-in (1) and define its type (2).
Design the Plug-in
The Plug-in design window is divided into three parts: The Plu-gin Name, the Data and the Operating System. To create a custom filter, allowing the user to sort through a folder and return only the findings with a .pdf extension we will fill out the information depicted above. First, describe the plug-in (1), then enter the filter (in this case the .pdf extension), since we will be finding a folder relative to the user, we will select buttons (3 and 4). Since we are expecting a relatively small output, we will keep the files and folders in the native format (5), (meaning they will be exported directly as opposed to using the built-in MacLockPick Archive tool). Next enter the path to the folder (6), select the operating system the new plu-gin pertains to (7) and select "Save" (8).
Checking the Plug-in
When you save the custom built plug-in, the Setup window opens again, allowing you to review all the plugins, to include your new one. Make sure your new plugin is selected as indicated by the checkbox to the right (1), then select "Quit" (2).
Run MacLockPick
Once you quit the Setup window, you will be at the MacLockPick applications window. Select the MacLockPick application by double clicking on it to invoke MacLockPick.
MacLockPick Completion
Once MacLockPick completes its operations, the above dialogue box will open informing the user that the results are located in the "MacLockPick Output Folder," (1) select "OK" (2).
Locating the MacLockPick Output Folder
From the Desktop, select the "MACLOCKPICK" icon (1) by double clicking on it.
Open the MacLockPick Output Folder
As the volume opens, locate the MacLockPick Output Folder, double click on the MacLockPick Output Folder and select the appropriate result (the results are arranged by username and date/time stamp).
Reviewing the Results
Locate the folder containing the MacLockPick output and open it by double clicking on it.
Reviewing the Filter Results
The MacLockPick Output will contain, by default several files, the .bash_history file (1), the Log Database (2) and a Screenshot (3) of the computer screen from which MacLockPick was run. In addtion to these files will be any number of additonal elements the user selected or created, in this case the results of the custom .pdf filter we created (4). Open the folder containing the .pdf filter results by double clicking on the appropriate folder (4).
Review the Custom Filter Results
Contained within the customized filter folder are the results of the search, in this case, only the .pdf files were exported from the folder (Dog_Training).
