Notifications
Clear all

Hfs+ Journal Parser

8 Posts
5 Users
0 Likes
1,177 Views
pr3cur50r
(@pr3cur50r)
Posts: 28
Eminent Member
Topic starter
 

Hello, I have been having some issues with AHJP and Kazamia's EnScript for parsing hfs+ which the developers are kindly looking into at the moment but in the mean time I thought it may be worth while asking if anyone in the forum is aware of any other open source/paid for alternatives to these tools? Thanks in advance!

 
Posted : 09/08/2016 3:30 am
 lars
(@lars)
Posts: 31
Eminent Member
 

BlackLight - https://www.blackbagtech.com/software-products/blacklight.html

 
Posted : 10/08/2016 3:03 am
pr3cur50r
(@pr3cur50r)
Posts: 28
Eminent Member
Topic starter
 

Thanks for your suggestion lars, are you aware of any other open source alternatives?
Kind Regards

 
Posted : 10/08/2016 4:14 am
 lars
(@lars)
Posts: 31
Eminent Member
 

No - I'm not aware of any open source tools that can currently do this.

 
Posted : 10/08/2016 5:01 am
pr3cur50r
(@pr3cur50r)
Posts: 28
Eminent Member
Topic starter
 

Thanks anyway lars, much appreciated.

 
Posted : 17/08/2016 5:30 am
citizen
(@citizen)
Posts: 38
Eminent Member
 

https://digital-forensics.sans.org/media/FOR518-Reference-Sheet.pdf
https://support.apple.com/en-ph/HT201711
http//ntfs.com/hfs.htm

Maybe start with a tiny image with a text file and a folder. (do things (Structured/documented things) -> capture -> analyze)

Hope this helps you along.

 
Posted : 17/08/2016 5:51 pm
mokosiy
(@mokosiy)
Posts: 54
Trusted Member
 

It looks like Dave Cowen offers HFS journal parser for free https://www.gettriforce.com/product/hfs-journal-parser/

 
Posted : 19/08/2016 1:35 pm
(@thefuf)
Posts: 262
Reputable Member
 

https://github.com/bored-engineer/iOS-DataProtection/tree/master/python_scripts/hfs

 
Posted : 19/08/2016 2:05 pm
Share: