Latest News!
(updated August 25, 2010)

  • Mobilyze 1.1 - BlackBag Technologies has released version 1.1 of their iPhone, iPad and iPod Touch analysis software.
  • Disk Arbitrator 0.3.2 - an update has been posted which takes care of a small bug in the user interface when attempting to Show Disks.
  • MobileSyncBrowser v4 - the latest version of MobileSyncBrowser is available from Vaughn Cordero.
  • Epoch Time Convertor - I have just uploaded a simple AppleScript application that converts Epoch time to Calendar time. (Link fixed!)


Past News
  • Sam Brothers has written a new article titled iPhone Tool Classification. In this article, he explores the varying degrees of data extraction that can be performed on the iPhone with many of the tools available today. The article breaks down the level of “intrusiveness” of each tool or method and compares it to the data obtained. UPDATE: PDF version now available.
  • Selena Ley has written a new article about Safari Browser Analysis. In this article, she explores the files that you will find useful when performing a Macintosh or Windows examination with Safari installed.
  • A new article on DFI News website titled “Pieces of Eight: iPods, iPads, iPhones, and SQLite” should be of interest to you. Mike Harrington has written about SQLite files and how they pertain to the iPhone, iPad and iPod Touch. SQLite3 is heavily used throughout OS X and this article is an excellent read.
  • F-Response 3.09.08 Released - All versions of F-Response (TACTICAL, Enterprise, etc.) have been updated to 3.09.08 to include new features.
  • We have reviewed BlackBag Technologies' Mobilyze application in this article. We run through a few of the prominent features of the application, drill down to pertinent case data, and generate a sample report.
  • Mounting HFS+ in Linux - Andy Hoog of viaForensics has written a great blog post regarding mounting HFS+ partitions in the Linux operating system.
  • Access Data releases FTK Imager for Macintosh - Access Data has released a command line version of its free FTK Imager. You can download it from their website here.
  • FTK v3 & Macintosh Forensics - an article written by Brian Salmon showing the new features of Access Data’s latest release of FTK and how it applies to analyzing Macintosh data.
  • Raptor 2.0 Released - Forward Discovery has released Raptor v2 of its Linux boot CD. See their website for full details of all of the new features of the boot CD and the new bootable USB device.
  • Sleuth Kit and Mac OS X - an article we have written to show the power of Brian Carrier’s Sleuth Kit in creating timelines with HFS+ file systems. The Sleuth Kit includes several command line utilities that can give in-depth looks into many different file systems. In this article, we take a look at ‘fls’ and ‘mactime’ to create a timeline of events on an OS X live system.

New or Updated Macintosh Forensic Tools

See all of the recommended tools on the Mac Forensics Tools and Resources pages.