±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 35965
New Yesterday: 0 Visitors: 133

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

Solutions for MacOS 10.14 Mojave

Forensic software discussion (commercial and open source/freeware). Strictly no advertising.
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
 
  

bntrotter
Senior Member
 

Solutions for MacOS 10.14 Mojave

Post Posted: Mar 25, 19 21:42

My enterprise is looking at introducing Macs into the environment; MacOS 10.14 Mojave. From what I gathered from OpenText, Encase does not support this version.

Are there forensic solutions out there that support the imaging and analysis of MacOS 10.14 Mojave.  
 
  

minime2k9
Senior Member
 

Re: Solutions for MacOS 10.14 Mojave

Post Posted: Mar 26, 19 14:28

Encase is pretty bad for non-windows file systems.

In terms of OS X Analysis, Blacklight is probably the most comprehensive tool in terms of artifacts recovered and is probably your only viable option if the filesystem is encrypted APFS. If the filesystem is not encrypted, then X-Ways provides a good alternative.

In terms of imaging, Macquisition is a good tool and now supports the T2 encryption chips in Macbooks (not personally tested!).
Other than that, any Linux distribution that you can boot to would be suitable for imaging (DEFT, PALADIN etc).  
 
  

Cbryant34
Newbie
 

Re: Solutions for MacOS 10.14 Mojave

Post Posted: Mar 30, 19 18:23

Cody here from the Product Development team at Magnet Forensics. Would suggest giving Magnet AXIOM 3.0 a try if you haven't. We added support for analysis of the APFS filesystem, including the ability to decrypt filevault2 encrypted images, and also added support for 20+ MacOS system artifacts. If you don't have AXIOM already and are interested I could get you a trial key. Shoot me an email at Cody.Bryant @ MagnetForensics.com.  
 

Page 1 of 1