Hi folks,
Does anyone have a process that they can share with me on how to perform a virus scan of data acquired from a MacBook Pro (APFS/T2 chip)?
I have AFF4 (decrypted data), E01 (encrypted data) and DMG (encrypted data) images of a T2 chipped/APFS MacBook Pro (A2141) acquired with Digital Collector. So far, I have tried the following (unsuccessfully):
- restoring each image onto an external HDD and trying to boot it on a 'test' MacBook;
- mounting the DMG directly on a 'test' MacBook;
- using X-Ways to run an external virus scan; this worked, but the AV used was Windows-based. Ideally I need a Mac OS AV to scan Mac OS files;
- mounting each image using Arsenal Image Mounter on a Windows-based machine. Same issue as above;
- using the X-Ways VirusTotal X-Tension; however, I can't seem to be able to get it to work.
I have Cellebrite Inspector at my disposal; however, it does not seem to have any built-in AV capabilities or AV plugins.
I am currently trying to create a VM of one of the images; if this is successful, I'll be able to install a Mac-based AV within the VM.
If anyone has any other ideas in the meantime I would really appreciate them.
~K.