How to forge a digital alibi on Mac OS X

Abstract

Digital evidence is increasingly being used in court cases. It consists of traces left on digital devices from which one can infer information about the actions performed on those digital devices. Digital evidence can be on computers, phones, digital cameras belonging either to an alleged offender or to third parties, like servers operated by ISPs or by companies that offer web services, such as YouTube, Facebook and Gmail. Digital evidence can either be used to prove that a suspect is indeed guilty or to prove that a suspect is instead not guilty. In the latter case the digital evidence is in fact an alibi. However digital evidence can also be forged giving an offender the possibility of creating a false digital alibi. Offenders can use false digital alibi in a variety of situations ranging from ordinary illegal actions to homeland security attacks. The creation of a false digital alibi is system-specific since the digital evidence varies from system to system. In this paper we investigate the possibility of creating a false digital alibi on a system running the Mac OS X 10.7 Lion operating system. We show how to construct an automated procedure that creates a (false) digital alibi on such a system. © 2012 IFIP International Federation for Information Processing.