Notifications
Clear all

Hfs+ Journal Parser

pr3cur50r
(@pr3cur50r)
Junior Member

Hello, I have been having some issues with AHJP and Kazamia's EnScript for parsing hfs+ which the developers are kindly looking into at the moment but in the mean time I thought it may be worth while asking if anyone in the forum is aware of any other open source/paid for alternatives to these tools? Thanks in advance!

Quote
Topic starter Posted : 09/08/2016 4:30 am
lars
 lars
(@lars)
Junior Member

BlackLight - https://www.blackbagtech.com/software-products/blacklight.html

ReplyQuote
Posted : 10/08/2016 4:03 am
pr3cur50r
(@pr3cur50r)
Junior Member

Thanks for your suggestion lars, are you aware of any other open source alternatives?
Kind Regards

ReplyQuote
Topic starter Posted : 10/08/2016 5:14 am
lars
 lars
(@lars)
Junior Member

No - I'm not aware of any open source tools that can currently do this.

ReplyQuote
Posted : 10/08/2016 6:01 am
pr3cur50r
(@pr3cur50r)
Junior Member

Thanks anyway lars, much appreciated.

ReplyQuote
Topic starter Posted : 17/08/2016 6:30 am
citizen
(@citizen)
Junior Member

https://digital-forensics.sans.org/media/FOR518-Reference-Sheet.pdf
https://support.apple.com/en-ph/HT201711
http//ntfs.com/hfs.htm

Maybe start with a tiny image with a text file and a folder. (do things (Structured/documented things) -> capture -> analyze)

Hope this helps you along.

ReplyQuote
Posted : 17/08/2016 6:51 pm
mokosiy
(@raydenvm)
Junior Member

It looks like Dave Cowen offers HFS journal parser for free https://www.gettriforce.com/product/hfs-journal-parser/

ReplyQuote
Posted : 19/08/2016 2:35 pm
thefuf
(@thefuf)
Active Member
Share: