• There are no suggestions because the search field is empty.

Digital Forensic News & Events

Bringing investigators digital forensics and cybersecurity related news from around the world. #AllinForensics
Back to News

Digital Forensic Boot Scan a Mac with APFS

Posted by Richard T. Frawley on April 5, 2019
Richard T. Frawley

ADF offers the best digital forensic solution for getting relevant data from an Apple Mac laptop or desktop running APFS since it is easy to use and offers investigators a quick and easy way to collect and analyze evidence.  In this short 3-minute video, ADF's digital forensic specialist, Rich Frawley shows how to boot a MacBook Air (APFS, non-encrypted) with Digital Evidence Investigator.

 

The ADF digital forensic team is hard at work putting the finishing touches on the complete package:

In the meantime, if FileVault is not an issue, ADF software can boot scan and collect the information investigators need to further an investigation or make a case. It is as simple as press and hold the Option key while powering on the Mac. This gives you access to the Startup Manager which will allow you to execute the ADF Software. This is also true for Mac’s prior to the implementation of APFS, ADF will be able to boot to your Mac and get you the relevant information for your case. 

Apple T2 Security Chip

But what about the new T2 Security Chip? One of the features of the T2 Security Chip is the ability to use Secure Boot to make sure that only a legitimate, trusted operating system loads at startup. That’s good news since ADF utilizes a legitimate, trusted operating system.

Another feature is the ability to exclude booting from an external device, and this would be important to get an APFS Mac to boot to that trusted operating system. If booting from an external device is not available in the Startup Manager, then by accessing the Startup Security Utility (Authentication Required) the settings can be changed to allow booting. Once this has been accomplished you can now use ADF to boot and conduct a scan of the computer.


With ADF software, you can conduct digital investigations of a suspect Mac in the lab, or on-scene, easier, faster and smarter to:

  • Quickly identify incriminating files and artifacts
  • Easily associate files to victims or a suspect
  • Create comprehensive court-ready reports

Watch: Boot Scan a Mac with APFS & FileVault 2

 

Topics: Digital Evidence Investigator, Triage-G2, Triage-Investigator, Forensic Triage, APFS, Apple Mac Forensics, DOMEX, How To Video, Boot Scan, Computer Forensics Video

Posts by Tag

See all

Recent Posts

New ADF Free Trial Website Ad

  • READY TO ACCELERATE YOUR DIGITAL INVESTIGATIONS?

  • Purchase