Difference between revisions of "Mac forensics"
From Simson Garfinkel
Jump to navigationJump to search
m |
m (→On the Web) |
||
| Line 3: | Line 3: | ||
==On the Web== | ==On the Web== | ||
* [https://www.blackbagtech.com/resources/mac-forensics.html BlacBag Technologies] site. | * [https://www.blackbagtech.com/resources/mac-forensics.html BlacBag Technologies] site. | ||
* [https://macforensicslab.com MacForensics Lab] | |||
* [https://groups.yahoo.com/neo/groups/macos_forensics/info Mac Forensics Yahoo Group] | * [https://groups.yahoo.com/neo/groups/macos_forensics/info Mac Forensics Yahoo Group] | ||
* [https://www.blackbagtech.com/blog/2014/11/13/imaging-a-filevault-2-encrypted-volume-using-macquisition-2/ Imaging a FileVault 2-Encrypted Volume using Macquisition] | * [https://www.blackbagtech.com/blog/2014/11/13/imaging-a-filevault-2-encrypted-volume-using-macquisition-2/ Imaging a FileVault 2-Encrypted Volume using Macquisition] | ||
* [https://www.blackbagtech.com/blog/2015/04/08/imaging-a-fusion-drive-with-filevault-2-encryption-using-macquisition/ Imaging a Fusion Drive with FileVault 2 Encryption using Macquisition] | * [https://www.blackbagtech.com/blog/2015/04/08/imaging-a-fusion-drive-with-filevault-2-encryption-using-macquisition/ Imaging a Fusion Drive with FileVault 2 Encryption using Macquisition] | ||
* [https://www.forensicswiki.org/wiki/Mac_OS_X Mac OS X on Forensics Wiki] | * [https://www.forensicswiki.org/wiki/Mac_OS_X Mac OS X on Forensics Wiki] | ||
==Apple's Resources== | ==Apple's Resources== | ||
Revision as of 08:56, 3 November 2018
Notes on Mac Forensics.
On the Web
- BlacBag Technologies site.
- MacForensics Lab
- Mac Forensics Yahoo Group
- Imaging a FileVault 2-Encrypted Volume using Macquisition
- Imaging a Fusion Drive with FileVault 2 Encryption using Macquisition
- Mac OS X on Forensics Wiki
Apple's Resources
Drive Image Tools
Forensics Programs
- BlackLight®, by BlackBag Technologies
Terminal Hacks
Is FV2 running?
fdsetup status
People
Ryan Kubasiak, previously ran http://www.macosxforensics.com/, now on the digital crimes team at Apple
Archives
- MacOS X Forensics, Philip Craiger and Paul Burke, IFIP, DigitalForensics 2006, Advances in Digital Forensics II
Course Ideas
- Cracking FileVault2 with JohnTheRipper
- The Diskutil command
