MacLock Pick - 2007 Innovation Awards Winner: Forensics

MacLockPick is a live forensics tool for extracting passwords, Internet history, and system settings from a suspect's Mac OS X computer. MacLockPick is an indispensable tool for law enforcement professionals to perform live forensics on Mac OS X systems. The easy-to-use solution is based on a USB flash drive that can be inserted into a suspect's Mac OS X computer that is running (or sleeping). Once the MacLockPick software is run it will extract data from the Apple Keychain and system settings to provide the examiner fast access to the suspect's critical information with as little interaction or trace as possible. A database of the suspect's information is compiled on the flash drive to allow for easy transportation away from the suspect's system. This database can be read by the included log readers on Microsoft Windows, Linux, or Apple Mac OS X computers back at base.
The following is a list of file items that can be extracted using SubRosaSoft's MacLockPick:
• Apple Keychain passwords such as user password, Internet login password, wifi, AppleShare, and more.
• Files and Folder details such as creation modification, and the most recently accessed dates, recently accessed disk images, pictures, movies, applications and documents.
• Instant Messaging details such as password for iChat and complete buddy list - including buddies who have since been deleted.
• E-mail account details such as login names and server addresses used, address book, and the date and time of opened attachments.
• Web History and Preferences such as current and cached bookmarks, recently searched strings, cookies, and browsing history.
• Hardware Preferences such as serial numbers of connected iPods, hardware address of recently connected bluetooth devices, listings for wi-fi base stations, and MAC address for each integrated network interface on the suspect's machine.