±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 3 Overall: 35388
New Yesterday: 4 Visitors: 176

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Webinars

Mac OS pick one

Computer forensics discussion. Please ensure that your post is not better suited to one of the forums below (if it is, please post it there instead!)
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
 
  

armresl
Senior Member
 

Mac OS pick one

Post Posted: Aug 19, 18 18:16

Since my Linux distro thread went nowhere, I wanted to try this.

You can pick one piece of software to acquire (I say that because of the keyboard and trackpad limitations) and analyze Mac OS products (besides Iphones)

Katana
Sumuri
Blackbag
Other.

Which and why.

Thanks to all.
_________________
Why order a taco when you can ask it politely?

Alan B. "A man can live a good life, be honorable, give to charity, but in the end, the number of people who come to his funeral is generally dependent on the weather. " 
 
  

randomaccess
Senior Member
 

Re: Mac OS pick one

Post Posted: Aug 20, 18 02:37

You cant really group acquire and analyse for this question.

For example you can acquire Mac's using recon imager or macquisition
But to analyse them you need recon lab or blacklight.

It also depends on how you come across devices.

Macquisition has live acquisition, data capture, and memory acquisition on live devices. But costs more.
Recon imager doesn't. But you may not come across those devices so it's worth the discount

I haven't played with katana stuff. Or recon lab.

There's just a few different things to consider.

I think if money wasn't an issue I'd go the blackbag kit because it has more functionality.
But then if I didn't need the live stuff, recon imager and blacklight would do you well. Then again recon lab may work just as well, don't know, haven't played with it.

Edit: meant to say can't group acquire and analyse together.  

Last edited by randomaccess on Aug 20, 18 18:02; edited 2 times in total
 
  

armresl
Senior Member
 

Re: Mac OS pick one

Post Posted: Aug 20, 18 13:18

Thanks random.

All the devices would be turned off and password provided.

- randomaccess
You can really group acquire and analyse for this question.

For example you can acquire Mac's using recon imager or macquisition
But to analyse them you need recon lab or blacklight.

It also depends on how you come across devices.

Macquisition has live acquisition, data capture, and memory acquisition on live devices. But costs more.
Recon imager doesn't. But you may not come across those devices so it's worth the discount

I haven't played with katana stuff. Or recon lab.

There's just a few different things to consider.

I think if money wasn't an issue I'd go the blackbag kit because it has more functionality.
But then if I didn't need the live stuff, recon imager and blacklight would do you well. Then again recon lab may work just as well, don't know, haven't played with it.

_________________
Why order a taco when you can ask it politely?

Alan B. "A man can live a good life, be honorable, give to charity, but in the end, the number of people who come to his funeral is generally dependent on the weather. " 
 
  

UnallocatedClusters
Senior Member
 

Re: Mac OS pick one

Post Posted: Aug 20, 18 16:07

I own two licenses of Recon Imager - works very well.

I also recently purchased a license of BlackLight - works very well.  
 
  

Wardy
Senior Member
 

Re: Mac OS pick one

Post Posted: Aug 21, 18 02:46

I would say Blacklight every day. Some people may think I am biased as I worked on the early versions of it.

However, my opinion is based on the fact it follows the Apple ethos - it just works. It works well, is intuitive and gives me the results I need every time.  
 

Page 1 of 1