±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 3 Overall: 36459
New Yesterday: 5 Visitors: 160

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

Forensic software on a Macintosh computer

Forensic software discussion (commercial and open source/freeware). Strictly no advertising.
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
 
  

hassman
Newbie
 

Forensic software on a Macintosh computer

Post Posted: Dec 06, 04 18:11

Hello all,

My question is this. Will any forensics software run on a Macintosh computer? I am new to the Mac world and was just wondering.

Thanks,

Tom  
 
  

Andy
Senior Member
 

Re: Forensic software on a Macintosh computer

Post Posted: Dec 06, 04 18:53

Not that I know of. Most COTS forensic tools (EnCase, FTK, WinHex etc) are Windows based and will not run on a MAC. The file system, and processor are completely different to a PC (generally MAC=Big Endian, PC=Little Endian).

I am not too sure whether the Linux/Unix based stuff will work (i.e. Smart, Sleuth Kit, etc). The MAC OS is similar to UNIX, so if any were to be compatible it may be these. Perhaps some MAC guru can answer this? They are very rare and exceptionally geeky animals to find in the wild Smile

The MAC is an interesting and often overlooked system, with many inbuilt features that are very practical for Forensic work, for example, you can turn a MAC into a Firewire attached device in read only mode – 'Target Disk Mode', by pressing the ‘T’ key during boot. If attached to a Windows or Linux box, it displays as a storage device. This is an easy method of acquiring a MAC in EnCase (if you are perturbed at removing the HDD – which on some MAC computers and laptops is like open heart surgery).

There is always Virtual PC for MAC, which as a PC emulator/virtual environment for the MAC OS. You could use the Windows based tools in the virtual environment.

Take a look here for more info: -

homepage.mac.com/macbu...Guide.html

and here

www.blackbagtech.com/software.html

Andy  
 
  

keydet89
Senior Member
 

Re: Forensic software on a Macintosh computer

Post Posted: Dec 07, 04 15:17

I'm not a MAC forensic analyst, nor do I play one on TV...however...

blogs.23.nu/RedTeam/stories/4977/
homepage.mac.com/macbu...Guide.html
lists.virus.org/macsec...00000.html

Google is your friend!

H. Carvey
"Windows Forensics and Incident Recovery"
www.windows-ir.com  
 
  

nope
Member
 

Re: Forensic software on a Macintosh computer

Post Posted: Dec 07, 04 20:32

indeed. an intresting note as well, for those who aren't aware - os-x is based on bsd so essentially the door has been kicked down for several suites to be ported over.


- keydet89
I'm not a MAC forensic analyst, nor do I play one on TV...however...

blogs.23.nu/RedTeam/stories/4977/
homepage.mac.com/macbu...Guide.html
lists.virus.org/macsec...00000.html

Google is your friend!

H. Carvey
"Windows Forensics and Incident Recovery"
www.windows-ir.com
 
 
  

gdominguez
Newbie
 

Re: Forensic software on a Macintosh computer

Post Posted: Feb 28, 05 02:42

Hi,

If you run win XP inside Virtual PC version 7 you can run EnCase and FTK. I am in the process of testing the differences in performance so I can't say how well it works as compared to a PC. I will post results in the near future.

BlackBag Technologies also has Mac based forensic tools.

Greg  
 

Page 1 of 1