Forums
Main Category
General (Technical,...
Hfs+ Journal Parser
 
Notifications
Clear all

Hfs+ Journal Parser

 
General (Technical, Procedural, Software, Hardware etc.)
Last Post by thefuf 9 years ago
8 Posts
5 Users
0 Reactions
1,529 Views
RSS
pr3cur50r
 pr3cur50r
(@pr3cur50r)
Eminent Member
Joined: 15 years ago
Posts: 28
Topic starter 09/08/2016 4:30 am  

Hello, I have been having some issues with AHJP and Kazamia's EnScript for parsing hfs+ which the developers are kindly looking into at the moment but in the mean time I thought it may be worth while asking if anyone in the forum is aware of any other open source/paid for alternatives to these tools? Thanks in advance!


   
Quote
 lars
(@lars)
Eminent Member
Joined: 17 years ago
Posts: 31
10/08/2016 4:03 am  

BlackLight - https://www.blackbagtech.com/software-products/blacklight.html


   
ReplyQuote
pr3cur50r
 pr3cur50r
(@pr3cur50r)
Eminent Member
Joined: 15 years ago
Posts: 28
Topic starter 10/08/2016 5:14 am  

Thanks for your suggestion lars, are you aware of any other open source alternatives?
Kind Regards


   
ReplyQuote
 lars
(@lars)
Eminent Member
Joined: 17 years ago
Posts: 31
10/08/2016 6:01 am  

No - I'm not aware of any open source tools that can currently do this.


   
ReplyQuote
pr3cur50r
 pr3cur50r
(@pr3cur50r)
Eminent Member
Joined: 15 years ago
Posts: 28
Topic starter 17/08/2016 6:30 am  

Thanks anyway lars, much appreciated.


   
ReplyQuote
citizen
 citizen
(@citizen)
Eminent Member
Joined: 10 years ago
Posts: 38
17/08/2016 6:51 pm  

https://digital-forensics.sans.org/media/FOR518-Reference-Sheet.pdf
https://support.apple.com/en-ph/HT201711
http//ntfs.com/hfs.htm

Maybe start with a tiny image with a text file and a folder. (do things (Structured/documented things) -> capture -> analyze)

Hope this helps you along.


   
ReplyQuote
mokosiy
 mokosiy
(@mokosiy)
Trusted Member
Joined: 13 years ago
Posts: 55
19/08/2016 2:35 pm  

It looks like Dave Cowen offers HFS journal parser for free https://www.gettriforce.com/product/hfs-journal-parser/


   
ReplyQuote
 thefuf
(@thefuf)
Reputable Member
Joined: 17 years ago
Posts: 262
19/08/2016 3:05 pm  

https://github.com/bored-engineer/iOS-DataProtection/tree/master/python_scripts/hfs


   
ReplyQuote
Forum Jump:
  Previous Topic
Next Topic  
Share: