Back to News

macOS Mojave Forensics

Posted by ADF Solutions on November 21, 2018
ADF Solutions

ADF collects artifacts from macOS MojaveThe best tools for rapid digital forensic investigations just got better with ADF's release of new software versions to support the collection of artifacts from macOS Mojave, in addition to macOS High Sierra and Windows. 

ADF software provides highly configurable artifact and file collection capabilities for macOS including web browser cached files, social media, P2P, cryptocurrency, cloud storage, user login events, anti-forensic traces, files shared via Skype, USB history, user connection log, etc.

Investigators can also search for evidence and collect emails including Apple Mail and Microsoft Outlook.  Other evidence collection features include the ability to:

  • Process APFS partitions, NTFS, FAT, HFS+, EXT, ExFAT, and YAFFS2 file systems, compute MD5 and SHA1 on collected files for integrity validation

  • Collect password protected and corrupted files for later review

  • Collect iOS backups on target computers

  • Detect and warn of BitLocker and FileVault2 protected drives

  • Leverage ADF's powerful boot capability (including UEFI secure boot and Macs) to access internal storage that cannot easily be removed from computers

See a full feature list for Digital Evidence Investigator®, Triage-Investigator® or Triage-G2®

Watch: Boot Scan a Mac with APFS & FileVault 2

Additional macOS Forensic Resources


Topics: Digital Forensics, Digital Evidence Investigator, Triage-G2, Triage-Investigator, Triage, Forensic Triage, Forensic Software, Digital Devices, APFS, Apple Mac Forensics

Get Triage & Digital Forensic News (once a month)

Posts by Tag

See all

Recent Posts