macOS Forensis – Analyze file timestamps in deep

In digital forensics, analyzing timestamps can provide valuable insights into the timeline of events and help reconstruct a digital crime scene. This article focuses on macOS forensics and delves into the analysis of timestamps using a real-world example.

By examining the metadata of a file, specifically the “icon.png.webp” file, we will explore various timestamps and their significance in forensic investigations.


Example

Let’s start by analyzing the metadata of the “icon.png.webp” file using the “mdls” command in macOS, generally located in /usr/bin/mdls.

Read More