Mac Triage Made Easy: Using the Mac Remote Agent with ADF

Posted by Richard T. Frawley on May 8, 2023

Mac Triage just got a whole lot easier.

The addition of the Mac remote agent lets you make on-scene decisions about Mac computers using ADF computer triage. In a short period of time you can conduct a quick triage scan that detects images and videos, runs crime- or case-specific keywords, and compares hashes. Until recently you had to wait while these devices were analyzed at the lab. After you analyze the results of the triage scan, you can create a logical AFF4 image by switching screens and selecting the destination drive.

All the necessary components to make a connection between a Mac computer and your Windows installation are provided in the kit supplied with your ADF Forensic program. To use the new Mac remote agent, you only need to make a direct Ethernet connection or have both computers on the same wireless or wired network.

With a live Mac, make the preferred connection and insert the Collection Key into the Mac computer. From the Collection Key, start the Mac Remote Agent and enter the credentials if prompted; the remote agent then provides the IP address(es) for the connection. On the Windows installation, go to your scan screen and select “Add Remote Agent”; the IP addresses are populated automatically. Choose the IP connection you want to use, and the Mac is added as a target device and is now scannable. Select a Search Profile customized for your operational needs, and the Mac is scanned like any other device.

When the Mac is in a powered-off state, start the computer in recovery mode with the same connections as above and the Collection Key inserted. Once booted, confirm all disks are mounted and then access the terminal to start the remote agent. The remote agent will make the connection and provide you with the IP addresses. Add the remote agent on the Windows side and the Mac is added as the target device. Booting is the preferred method and will give you access to more data on more comprehensive scans or imaging.

Simplified solutions for the more complex aspects of your job! 

Use Digital Evidence Investigator PRO as your all-in-one data collection and analysis tool for computer and mobile forensics.


Topics: Digital Evidence Investigator, Computer Forensics, Apple Mac Forensics, How To Video, DEI PRO
