
http://www.appleexaminer.com/MacsAndOS/Recommendations/Software/Software.html


Suites


First Responder


RAM Capture


iOS Apps


Imaging and Disk Arbitration Control

  • BlackBag Technologies MacQuisition - imaging and incident response of Intel and PPC Macs in one solution
  • BlackBag Technologies SoftBlock - Disk Arbitration control at the kernel level allowing for internal and external media control
  • Disk Arbitrator - from Aaron Burghardt, “Disk Arbitrator continuously monitors for disks to appear and disappear and tracks the disks in the main window. When a new disk is attached, the system notifies Disk Arbitrator and gives it a chance to reject mounting of a disk volume”.
  • Evidence Collector - our latest tool for safe collection of single folders on a Mac
  • FTK Imager for Mac GUI - this is the FTK Imager by AccessData with a Graphical User Interface added to it. It is in beta now. Please read the included notes before using.
  • MacOSXForensics Imager Release Candidate 2.1! Image physical devices in the Encase or FTK format. MD5 and SHA1 hash support. See the Read Me file for complete documentation.
  • Paladin, an Ubuntu based LiveCD for Mac and PC with imaging and analytical tools included
  • DCFLDD - combines hashing and imaging into one utility. Based on 'dd' with much more functionality and provides feedback.
  • DC3DD - combines hashing and imaging into one utility. Based on 'dd' with much more functionality and provides feedback.
  • FTK Imager - Windows only but recognizes HFS+ file format and is free
  • FTK Imager CLI for Macintosh - command line version of Access Data’s Imager software available for OS X
  • MacForensicsLab Write Controller - disk arbitration control


Virtual Machine

  • VMware Fusion, virtualize multiple operating systems including Mac OS X 10.5 Server
  • Nova Development Parallels, virtualize multiple operating systems including Mac OS X 10.5 Server
  • Sun VirtualBox, virtualize multiple operating systems for free, will not run Mac OS X 10.5 Server
  • VMware vCenter Converter, a new free product from VMware that allows you to convert physical Windows and Linux machines, as well as images in other formats, into virtual machines.


Network

  • NSMonitor - utility that combines the live tracking of File System events, Network events, sockets, files, IORegistry, and others.
  • Wireshark - packet sniffing
  • F-Response TACTICAL - remote acquisition and analysis of Macs (and other platforms)
  • Dropbox Reader - free utility to analyze Dropbox evidence on the local machine
  • MacForensicsLab Web Agent - Cross-platform forensic web crawler


iOS Devices
See our iOS Device Analysis Tools page for the most up-to-date information

Decryption

  • DaveGrohl - optimized OS X 10.7 and later hash cracking, built to run on OS X
  • Passware Kit v11 - login password and Keychain stored passwords among other features
  • John the Ripper, free software to attack several different hashes including the OS X salted SHA-1 (scroll down to the specific Mac build so you don’t have to compile)
  • HashCat, free software that uses the CPU and GPU
  • crowbarKC, a free utility to dictionary attack a Keychain file
  • crowbarDMG, a free utility to dictionary attack DMG, sparseimage, and sparsebundle file types
  • Mike’s Forensic Tools - Mike Harrison has a website with some great tools, namely a password cracker and SpotLight query tool.
  • FileVault 2 mounting - open source code to mount FileVault 2 encrypted volumes


Memory/RAM Analysis

  • MacQuisition - imaging of RAM on a live Mac as well as “soft boot” ability to capture most of RAM when admin password isn’t known
  • Mac Memory Reader - ATC-NY has released the single function from Mac Marshal that gathers the RAM of a live Mac to the community for free
  • “volafox” a.k.a. “Memory Analyzer for Mac OS X” - volafox is a Python 2.5 application that will analyze images of Macintosh RAM. This utility is free.


Image Analysis

  • MacForensicsLab Field Agent, free for law enforcement, application to locate images using flesh tone analysis, available on Mac, Windows, and Linux
  • File Juicer, extract images and many other file types from a given source with this great utility by Echo One
  • Exiftool, a free utility to extract EXIF data from a huge list of file types by Phil Harvey.
  • Exif Data Dump, an Automator Action based on Exiftool by George Starcher that will turn Exif data gathering into a one step action


Image Capture


Hex Editors

  • iBored, a free hex editor for disk sectors written by Thomas Tempelmann
  • 0xED is a native, Cocoa based Hex Editor by SuaveTech
  • Synalyze It! and Synalyze It! Pro, a hex editor with custom views, grammar, printing, and searching


Search

  • EasyFind - DEVON Technologies free search utility
  • Find Any File - free utility from Thomas Tempelmann to search entire volumes
  • MacForensicsLab Social - Social Agent™ is designed to get evidence from chats, private messages, and blog activity on Facebook (and other) social networking websites


Reporting

  • ThumbsUp - DEVON Technologies free utility to generate thumbnails of images
  • MacOSXForensics MetaData Extractor - utility to extract metadata from any file(s) and also plot the lat/long on a Google map if available


Email & Internet

  • Internet Evidence Finder v6 - Windows based tool that supports many OS X specific data artifacts
  • Emailchemy - Weird Kid Software Products
  • TNEF, a free utility to decode WINMAIL.DAT email attachments by Josh Jacob
  • SafariCacheView, a Windows based utility to read and extract data from the Safari cache.db


Hardware

  • MacTracker - a complete and up-to-date database of all Apple hardware produced since the day they became a company. Excellent reference.


Compatibility

  • MacFuse and NTFS 3-g (NTFS read/write for OS X)
  • ASR Data Smart Mount (mounts images of Mac systems on Windows operating systems)



Always check out our Files section for the latest in FREE tools from this site.

Sources


