Home |  Log In  
Forensics and eDiscovery technologies for Mac OS X, Microsoft Windows, and Linux

05: Core Functions

This section will outline the core functions of MacForensicsLab for further, detailed discussion.

The Core Functional Areas of MacForensicsLab

  • Preferences Window
  • Main Window
  • Acquire Window
  • Search Window
  • Analyze Window
  • Salvage Window
  • Browse Window
  • Audit Window
  • Hash Window
  • Bookmarks & Notes
  • Database Window

The Preferences Window

This section will cover the Preferences Window settings and configuration.

Overview The ‘Preferences’ window allows the examiner to setup and manage both individual cases and examiners within MacForensicsLab. In addition, it enables the examiner to configure MacForensicsLab database settings and even configure an e-mail based notification feature.

Finding the Preferences Window

Preferences

The ‘Preferences’ window will, by default, appear at start-up once the MacForensicsLab splash screen has disappeared.  To return to the ‘Preferences’ window after progressing to the ‘Main’ window, the examiner must select “Preferences” from the MacForensicsLab application drop menu, or use the keyboard shortcut [Command] + , [Comma].  In order to disable the ‘Preferences’ window from appearing at start-up the examiner should deselect the “Show this window at start-up” check box in the bottom left hand corner of the window.

The Preference Window Layout
Preference pane window.

The Preference Window has four sections, each containing their own preference information. The four sections are: Database (1), Examiners (2), Cases (3) and eMail (4).

The Database Preference Pane
The Database preferences pane.

By default the Database will be disabled (1).

Configuring a Local Database File

MacForensicsLab allows the examiner to harness the power of a database solution without having to associate with a remote database. The creation of a local database file enables examiners to take advantage of a database while not requiring the infrastructure incurred with larger solutions.

To create a local database file, select Local File (1), and then "Create." (2)

Selecting a Location for the Local Database File
Setting the local database file.

Once you select "Create" in the previous step, a navigation box will appear allowing the examiner to select the location of the local database file (by default it will place the file in the Documents folder and will be named MacForensicsLab Database.rsd.

Checking the Local File Database Path
Local database file.

Once the examiner has chosen a location for the Local Database file to be stored, they are returned to the Database Window, where the path chosen is displayed (1).

REAL SQL Setup
REAL SQL setup.

If the examiner access to a REAL SQL database, then MacForensicsLab allows for seamless integration. Select the REAL SQL tab (1). Then by filling out the form fields (2), and selecting the "Connect" button (3), the examiner will then be able to take advantage of power of the REAL SQL database.

MySQL Setup
MySQL setup.

If the examiner access to a MySQL database, then MacForensicsLab allows for seamless integration. Select the MySQL tab (1). Then, by filling out the form fields (2), and selecting the "Connect" button (3), the examiner will then be able to take advantage of power of the MySQL database.

The Examiners Tab
The Examiner tab.

Select the Examiners Tab (1). The Examiners Tab is where an examiner enters their identifiable information. By default, there is a "Default" examiner (2). To add an examiner, select the "+" radio button (3) and a pop-up window will appear.

Configuring Examiner Specific Data
The Examiner entry screen.

The pop-up window allows the examiner to enter specific information by filling out the form fields (1). It should be noted, that these fields can be changed at any time by selecting the "Edit" button from within the Examiner's tab. Likewise it is important to note that none of these fields are not required.

Save the Form
Enter Examiner information.

Once the examiner specific form fields are filled out, select the "Save" button, thus returning the examiner to the Preferences Window.

Confirm the Correct User
Confirm the Examiner information.

The user information entered will be reflected under the Examiners Tab (1), which is where you will be automatically returned to upon selecting "Save" in the previous step.

The Cases Tab
The Case tab.

To add a case, select the "Cases" Tab (1) from the Preferences window and select the "+" button (2). Once selected, a pop-up window will appear.

Fill Out Case Details
Set case details.

The Case Details window has two sections, the Case ID (1) and the Description (2). The Case ID represents a field where the examiner would enter the case number. The Case Description field is a simple text field enabling the examiner to input additional case information.

Complete Case Details Pop-up
Enter case details.

Complete the Case Details pop-up window and select "Save."

Verify Case Information
Verify case information.

Upon completing the previous step, the examiner is returned to the Preferences Pane, wherein he/she can verify the correct case is selected (1).

eMail Tab Setup
Enter email settings.

By selecting the eMail tab (1) and filling out the form fields (2) and testing the connection (3), The examiner is now able to receive password notification when MacForensicsLab has completed it current process. Once configured, press "Continue" (4).


Product 5/19

04: Case PreparationPrevious
Return to the Product List
Next06: Main Window
 | Home | 

Copyright © 2006 - 2010 MacForensicsLab Inc.
Phone +1 (510) 870-7883 - Fax +1 (510) 868 3407
Mac and the Mac logo are trademarks of Apple Computer, Inc., registered in the U.S. and other countries.

Forensics Technologies - designed to perform investigations, for law enforcement and eDiscovery professionals.

MacForensicsLab - The only effective cross-platform weapon in the war on Cyber Crime and Digital Terrorism,
with unique tools designed to combat identity theft and child pornography.

Your IP Address is: 54.234.231.49