The best tools for rapid Mac forensics investigations just got better with ADF's release of new software versions to support the collection of artifacts with Mac OS Mojave Forensics and MacOS High Sierra as well as from Windows.
ADF computer forensics software provides highly configurable artifact and file collection capabilities for Apple Mac operating systems including web browser cached files, social media, P2P, cryptocurrency, cloud storage, user login events, anti-forensic traces, files shared via Skype, USB history, user connection log, etc.
Digital forensic examiners or front-line field investigators can also search for evidence and collect emails including Apple Mail and Microsoft Outlook. Other evidence collection features include the ability to:
Process APFS partitions, NTFS, FAT, HFS+, EXT, ExFAT, and YAFFS2 file systems, compute MD5 and SHA1 on collected files for integrity validation
Collect password protected and corrupted files for later review
Collect iOS backups on target or suspect computers
Detect and warn of BitLocker and FileVault2 protected drives
Leverage ADF's powerful boot capability (including UEFI secure boot and Macs) to access internal storage that cannot easily be removed from computers
See a full feature list for Digital Evidence Investigator®, Triage-Investigator® or Triage-G2® and watch the Boot Scan with a Mac with APFS and FileVault 2 short video.
Additional mac OS digital forensic resources can be found on Apple websites and Mac community resource pages.
- Official macOS Support
- Comprehensive Apple Tech Specs
- Apple Security Updates
- Apple Community Support
- Apple mac Forensics Forum on Yahoo
- Apple mac and iOS Repair - iFixit
- DiskWarrior - Essential Apple mac Directory Repair Tool
- macOS X Hints
- macOS User Guide