An Evaluation of Windows-Based Computer Forensics Application Software Running on a Macintosh¹
 

Gregory H. Carlton
California State Polytechnic University
ghcarlton@csupomona.edu
 

ABSTRACT

The two most common computer forensics applications perform exclusively on Microsoft Windows Operating Systems, yet contemporary computer forensics examinations frequently encounter one or more of the three most common operating system environments, namely Windows, OS-X, or some form of UNIX or Linux. Additionally, government and private computer forensics laboratories frequently encounter budget constraints that limit their access to computer hardware. Currently, Macintosh computer systems are marketed with the ability to accommodate these three common operating system environments, including Windows XP in native and virtual environments. We performed a series of experiments to measure the functionality and performance of the two most commonly used Windows-based computer forensics applications on a Macintosh running Windows XP in native mode and in two virtual environments relative to a similarly configured Dell personal computer. The research results are directly beneficial to practitioners, and the process illustrates affective pedagogy whereby students were engaged in applied research.
 

Keywords: Computer Forensics, Macintosh, EnCase, FTK, Digital Forensics, Workstation Validation, Forensic Application Software.

1. Reprint: This paper is publicly available as a reprint subject to the ADFSL Copyright. To view or download the paper, click here.