Welcome

@appleexaminer (Twitter) or RSS

Latest News!
(updated January 26, 2012)

MacQuisition 2012.1 from BlackBag Technologies released - MacQuisition 2012.1 has been released with significant new features expanding this utility well beyond imaging of Macs. Included is targeted acquisition, live data acquisition, acquisition and hash monitoring, ThunderBolt support, and OS X 10.7 support.
MacForensicsLab v4.0 - SubRosaSoft's MacForensicsLab 4.0 is a suite of forensics and analysis tools for Mac, Linux, and Windows storage devices. It provides device imaging, in-depth catalogs, keyword searching and analysis block by block, file salvage, disk arbitration management, and drive cleaning. This release has been rewritten "to take full advantage of the power of Mac OS X" and adds redesigned navigation for the main window, a new search interface and functions, improved bookmark management, and improvements for the user-selectable auditing function. MacForensicsLab is $1,495 ($495 upgrade) for Mac OS X 10.4 and up (Universal Binary on dual-boot CD).
iPhone Forensics by Satish Bommisetty - an article about recovery of iOS 5 artifacts on a live iPhone has been posted by author Satish Bommisetty using open-source tools released from Sogeti Labs.
Cellebrite UFED 1.1.9.0 released - Cellebrite UFED 1.1.9.0 has been released with enhanced supported for iOS. It now offers real-time keychain decryption revealing user passwords and iOS 5.1 beta 2 logical and file system extraction via the UFED.
ATC-NY has announced free training - ATC-NY has announced free training for Mac Marshal, their free triage tool that is OS X and Windows based. Mac Marshal gives analysts a very clear insight into the Apple Environment being triaged including internet artifacts, virtual machines, Boot Camp info, eMail, and more.
BlackLight R5 released - BlackBag Technologies has released BlackLight R5 of their OS X and Windows based digital forensics application suite. This release brings along enhancements and fixes to the previous version. Notably, decoding of user(s) login password, optimized picture processing and metadata tagging, reporting enhancements, importing of third party data and optimizations for both operating systems.
Hex Fiend - Hex Fiend by ridiculous_fish is an open source hex editor that has an excellent GUI, is very fast to use, and likely will help in your digital forensics

Now is a great time to visit our Apple Examiner Store. Show off your Apple Examiner side with items embroidered with our logo!

Past News

Disk Images - We have written an article on the Apple virtual disk format, DMG, and how to convert between compressed and uncompressed when needed.
PDF Files and PDFPen Pro - We have written an article about case reports and specifically the PDF format. We use the application PDFPen Pro to look at embedded data, redact data, and edit the PDF files to create great looking reports at case completion.
Mac Marshal 3.0 released - ATC-NY has released the latest version of Mac Marshal. Notable in this release is Lion compatibility, analysis of iCloud configs, bluetooth history, and a new Windows version.
Mac Memory Reader updated - ATC-NY has updated the free Mac Memory Reader to include a new option to dump “reserved” regions of RAM such as shared video RAM.

Use our Amazon Store for all of your 2012 shopping this year and support our site at the same time.

New or Updated Macintosh Forensic Tools

Reader, Vendor and Company Reminder - this website is kept up-to-date by all of us as a community. Please freely send links to great articles, news about Apple digital forensic updates, new versions of programs we all like to use, or simply something we have failed to list in one of the sections. This is our site. Thank you to everyone for your help and contributions! REMINDER: This includes all companies. Please email me with news of your latest versions so I can spread the word!

breadcrumb → Welcome

Our Site Sponsors