Has anyone succeeded in performing the Zdziarski method from Mac OSx Leopard in a virtual machine? Is it possible?
As long as the USB is bridged and the VM had an internet connection is established you should be fine
I've tried using his Linux tools on a Ubuntu 10.04 LTS VM through VMWare Fusion and it did NOT work.
The problem is that at some point, you need to unplug then plug back the USB cable of the IOS device and you have a very limited time to do so (like 10 seconds). In my tests, the delay between the time I physically plug in the USB cable to when the guest OS detects and is able to use the device is too long, so the imaging process times out.
So now, I use Ubuntu in Live CD mode with Zdziarski tools.
Also, if I understand you question, you wish to run OSX (client) as a guest OS. I believe that right now, the only product that will technically allow that is VirtualBox beta. Personally, I would not feel comfortable having to perform forensic examinations with beta software. Also, I believe that for the moment, running OSX client as a VM is against the Mac OS X Client EULA.
Hope this helps.
Has anyone succeeded in performing the Zdziarski method from Mac OSx Leopard in a virtual machine? Is it possible?
Question here, when you are using JZ's method, I think you are a LEO. And how can you run OSX on Virtual Machine as it is not allowed by APPLE's EULA on OSX as a LEO.
Has anyone succeeded in performing the Zdziarski method from Mac OSx Leopard in a virtual machine? Is it possible?
Question here, when you are using JZ's method, I think you are a LEO. And how can you run OSX on Virtual Machine as it is not allowed by APPLE's EULA on OSX as a LEO.
Police officers also speed to catch escaping criminals… should that also be banned too?
Has anyone succeeded in performing the Zdziarski method from Mac OSx Leopard in a virtual machine? Is it possible?
Question here, when you are using JZ's method, I think you are a LEO. And how can you run OSX on Virtual Machine as it is not allowed by APPLE's EULA on OSX as a LEO.
Police officers also speed to catch escaping criminals… should that also be banned too?
I will ask, is that already the best option to finish the task?
for your case catching escaping criminals, speeding seems to inevitable and reasonable and probably be accepted.
But running OSX on VM?? Um…….. I definitely will argue about that.
And usually the OSX on VM are hacked version. There seems to be no way to get a clean installation of OSX on VM.
How can a piece of evidence being accepted from a hacked system?
As long as the process is forensically repeatable evidence is evidence. If you recover a picture of someone shooting someone and a defence expert will still be able to recover it after your done… does that change what you what you took off the phone.
I do not wish to argue this any more, I am not condoning the use of hacked systems for the recovery of evidence, that is not what this topic is about.
Can a VM be used to run the JZ method on OSX… yes
Should you do it if you have another acceptable forensic method avaliable/can be implemented in time… no!
If it preserves human life, could it be done OF COURSE!
Pleas accept my blunt nature, if you wish to start a topic about forensics and the ethics of hacked VMs. Please, go ahead
Can a VM be used to run the JZ method on OSX… yes
Before answering, have you even tried it ??
Because as I mentioned before, in my experience, it does not work… and that's what this topic is about.