free tools for use ...
 
Notifications
Clear all

free tools for use on Mac OS

7 Posts
5 Users
0 Likes
425 Views
(@tootypeg)
Posts: 173
Estimable Member
Topic starter
 

Im looking for something like an FTKi to preview disk images but to run on MAC OS. Also it would have to be free. Is there anything out there, I cant seem to find anything?

 
Posted : 28/02/2018 2:44 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

Im looking for something like an FTKi to preview disk images but to run on MAC OS. Also it would have to be free. Is there anything out there, I cant seem to find anything?

Preview in the sense of "exploring" or "viewing contents" without mounting it? ?
I.e. what - normally on Windows - 7-zip can do?

There is the B1 Archiver that supports DMG images, no idea how good it is on Mac, nor if it supports (or can support) other types of disk images.

jaclaz

 
Posted : 28/02/2018 3:16 pm
(@deltron)
Posts: 125
Estimable Member
 

Im looking for something like an FTKi to preview disk images but to run on MAC OS. Also it would have to be free. Is there anything out there, I cant seem to find anything?

can you use wine and run ftk in that

 
Posted : 28/02/2018 3:33 pm
UnallocatedClusters
(@unallocatedclusters)
Posts: 577
Honorable Member
 

You might try the analysis tools within DEFT Linux

1. Download and install Virtual Box for Mac OSX https://www.virtualbox.org/wiki/Downloads

2. Download and install DEFT Linux's Virtual App http//na.mirror.garr.it/mirrors/deft/vapp/

 
Posted : 28/02/2018 5:13 pm
(@tootypeg)
Posts: 173
Estimable Member
Topic starter
 

Cheers everyone. Basically just a little tool to allow me to browse an E01. Tried crossover (wine recommends) but it would install FTKi for me.

Downloading a the vm now.

Also tried to install autopsy which was an absolute nightmare and didnt work.

why didnt I just by a windows laptop cry cry x x x x

 
Posted : 28/02/2018 5:21 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

Cheers everyone. Basically just a little tool to allow me to browse an E01.

Then what about the Mac OS version of libewf?

https://github.com/libyal/libewf/wiki

Still you will need to compile it by yourself, I don't think any pre-compiled binary is available.

With all due respect for Joachim Metz ) (and for the large number of similar good guys writing and making public their excellent programs) I still completely fail to understand why in most cases it is impossible to have a ready-made, surely working tool (as opposed to having to go through n iterations to setup a compiling environment and run the compiler and finding out that it doesn't work and try again after having patched the source, etc., etc.). ?

Sometimes I feel like a number of good programmers have some form of sadism and have some fun in having less knowledgeable people experience the same difficulties they have everyday fighting with this or that OS or compiling environment. (

Maybe - just maybe - you can try installing the sleuthkit and/or Autopsy via brew/Homebrew
https://docs.brew.sh/

http//brewformulas.org/Sleuthkit
http//brewformulas.org/Autopsy

http//macappstore.org/sleuthkit/
http//macappstore.org/autopsy/

jaclaz

 
Posted : 28/02/2018 6:06 pm
(@hommy0)
Posts: 98
Trusted Member
 

If you have access to encase, the following enscript can convert the evidence file to a DD and will allow you to use DMG (Apple disk image)

Once as a DMG you can mount on the Mac. You can also use HDIUTIL to shadow mount so any writes do not impact the evidence DMG.

https://www.guidancesoftware.com/app/Evidence-File-Converter

 
Posted : 28/02/2018 8:21 pm
Share: