Forums
Main Category
General (Technical,...
FTK Imager and Mac
 
Notifications
Clear all

FTK Imager and Mac

 
General (Technical, Procedural, Software, Hardware etc.)
Last Post by douglasbrush 15 years ago
6 Posts
4 Users
0 Reactions
2,107 Views
RSS
rayp
 rayp
(@rayp)
Eminent Member
Joined: 16 years ago
Posts: 42
Topic starter 03/02/2011 1:15 am  

Has anyone used the command line version of FTK Imager on their Mac? If so, how easy was it to use via the command line. Thank you in advance


   
Quote
 ddewildt
(@ddewildt)
Estimable Member
Joined: 17 years ago
Posts: 123
03/02/2011 1:37 am  

Yes, and its very easy to use. Just run it with –help to get the list of commands and pick what you need.


   
ReplyQuote
rayp
 rayp
(@rayp)
Eminent Member
Joined: 16 years ago
Posts: 42
Topic starter 03/02/2011 2:24 am  

thank you


   
ReplyQuote
 davnads
(@davnads)
Eminent Member
Joined: 17 years ago
Posts: 41
03/02/2011 12:23 pm  

i recently wrote a blog entry about using the cmd line tool to acq os x machines. you can read it at http//www.davnads.blogspot.com it may also be worth noting that there is also a beta GUI interface to this cmd line utility available. I think it can be downloaded on http//www.appleexaminer.com/


   
ReplyQuote
rayp
 rayp
(@rayp)
Eminent Member
Joined: 16 years ago
Posts: 42
Topic starter 05/02/2011 5:35 am  

davnads, thank you very much. This is what I was looking for since I am new to Mac forensics


   
ReplyQuote
 douglasbrush
(@douglasbrush)
Prominent Member
Joined: 16 years ago
Posts: 812
05/02/2011 6:30 am  

davnads, thank you very much. This is what I was looking for since I am new to Mac forensics

Macs are very interesting to investigate. Also check out Inside The Core Podcast - I have found that they offer some very useful advice http//insidethecore.com/

There was just a post on the SANS blog about acquiring Macs as well
http//computer-forensics.sans.org/blog/2011/02/02/forensically-sound-mac-acquisition-target-mode


   
ReplyQuote
Forum Jump:
  Previous Topic
Next Topic  
Share: