MAC Forensics - Domains

Hey, I am a student of Digital Forensics and am exploring Mac Forensics, which is quite abstract because there are few resources available online for researching it.

I am currently parsing Domain Active Directory information (/Library/Preferences/OpenDirectory/Configurations/"Active Directory/MYDOMAIN.plist") and am trying to figure out what the values mean.... I am no System Administrator so many of these terms are a bit foreign to me, so any help would be greatly appreciated.

There are fields such as "trustaccount" "trustkerberosprincipal" "trusttype" etc. that I am having trouble with in particular.

  1. Doing research into the possible values of "trusttype" is yielding fruitless results; I have scrounged that there are 4 possible values for the attribute, three of which seem to be "anonymous," "joined," and "authenticated;" what is the fourth and what does "Trust Type" mean?
  2. Similarly, "trustkerberosprincipal" is another funky field. To my understanding, a Kerberos Principal is some kind of server that allows connectivity between two domains in a trust, so "trustkerberosprincipal" attribute probably refers to "Kerberos server principal name if Kerberos authentication is enabled"
  3. "TrustAccount" I can assume is the name of the trust account... so the value is "researchmac-30$" where the "trustkerberosprincipal" is "researchmam-30$@RESEARCH.MYDOMAIN"

Thanks in advance! (Also, if you have a recommendation for another subreddit where this would be more appropriate, please let me know)

submitted by /u/elegantdoodle
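
An added example, not part of the original post: a structure-agnostic way to pull the `trust*` values out of such a plist with Python's `plistlib` and compare the trust account against the Kerberos principal. The sample plist is constructed; its nesting (`hypothetical-container`) and the account-equals-principal check are assumptions, and the two values are copied as written in the post.

```python
import plistlib

# Constructed sample. Only the three key names and the two values come from
# the post; the "hypothetical-container" nesting is an assumption.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>hypothetical-container</key>
  <dict>
    <key>trustaccount</key><string>researchmac-30$</string>
    <key>trustkerberosprincipal</key><string>researchmam-30$@RESEARCH.MYDOMAIN</string>
    <key>trusttype</key><string>joined</string>
  </dict>
</dict></plist>"""


def find_trust_fields(node, path=""):
    """Walk any plist structure; return {path: value} for scalar 'trust*' keys."""
    found = {}
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}/{key}"
            if key.lower().startswith("trust") and not isinstance(value, (dict, list)):
                found[here] = value
            found.update(find_trust_fields(value, here))
    elif isinstance(node, list):
        for index, item in enumerate(node):
            found.update(find_trust_fields(item, f"{path}[{index}]"))
    return found


def split_principal(principal):
    """Split 'primary@REALM' at the last '@'; realm is None when absent."""
    primary, sep, realm = principal.rpartition("@")
    return (primary, realm) if sep else (principal, None)


def check_trust(plist_bytes):
    """Summarise the trust fields and compare account with principal."""
    hits = find_trust_fields(plistlib.loads(plist_bytes))
    fields = {p.rsplit("/", 1)[-1].lower(): str(v) for p, v in hits.items()}
    account = fields.get("trustaccount", "")
    primary, realm = split_principal(fields.get("trustkerberosprincipal", ""))
    return {"account": account, "principal_primary": primary, "realm": realm,
            "type": fields.get("trusttype"), "paths": sorted(hits),
            # Assumption: the account should equal the principal's first part.
            "account_matches_principal": account.lower() == primary.lower()}


if __name__ == "__main__":
    for name, value in check_trust(SAMPLE_PLIST).items():
        print(f"{name}: {value}")
```

`plistlib.loads` accepts both XML and binary plists, so the same function works on a file read with `open(path, "rb").read()` from a forensic image.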