Difference between revisions of "Mac forensics"
From Simson Garfinkel
Jump to navigationJump to search
| Line 23: | Line 23: | ||
==Forensics Programs== | ==Forensics Programs== | ||
* [https://www.blackbagtech.com/blacklight.html BlackLight®], by BlackBag Technologies | * [https://www.blackbagtech.com/blacklight.html BlackLight®], by BlackBag Technologies | ||
* https://davidkoepi.wordpress.com/2011/06/12/macosxaddressbookforensics/ | |||
==Terminal Hacks== | ==Terminal Hacks== | ||
Revision as of 09:00, 3 November 2018
Notes on Mac Forensics.
On the Web
- BlacBag Technologies site.
- MacForensics Lab
- Mac Forensics Yahoo Group
- Imaging a FileVault 2-Encrypted Volume using Macquisition
- Imaging a Fusion Drive with FileVault 2 Encryption using Macquisition
- Mac OS X on Forensics Wiki
Apple's Resources
Other curricula
Drive Image Tools
Forensics Programs
- BlackLight®, by BlackBag Technologies
- https://davidkoepi.wordpress.com/2011/06/12/macosxaddressbookforensics/
Terminal Hacks
Is FV2 running?
fdsetup status
People
Ryan Kubasiak, previously ran http://www.macosxforensics.com/, now on the digital crimes team at Apple
Archives
- MacOS X Forensics, Philip Craiger and Paul Burke, IFIP, DigitalForensics 2006, Advances in Digital Forensics II
Course Ideas
- Cracking FileVault2 with JohnTheRipper
- The Diskutil command
