Difference between pages "Mac Marshal" and "BitLocker"

From ForensicsWiki
(Difference between pages)
Redirect page
Jump to: navigation, search
(Update for V3.)
 
 
Line 1: Line 1:
{{Infobox_Software |
+
#REDIRECT [[BitLocker Disk Encryption]]
  name = Mac Marshal|
+
  maintainer = [[ATC-NY]] |
+
  os = {{Mac OS X}} |
+
  genre = {{Macintosh forensics}} |
+
  license = Commercial (free to law enforcement) |
+
  website = [http://www.macmarshal.com/ macmarshal.com] |
+
}}
+
 
+
Mac Marshal is a tool to analyze Mac OS X file system images. It scans a Macintosh disk image, automatically detects and displays Macintosh and Windows operating systems and virtual machine images, then runs a number of analysis tools on the image to extract Mac OS X-specific forensic evidence written by the OS and common applications.
+
 
+
Mac Marshal Forensic Edition runs on an investigator's workstation to analyze a Mac disk image.
+
 
+
Mac Marshal Field Edition runs on a Mac target machine from a USB drive.  It extracts volatile system state data, including a snapshot of physical RAM.
+
 
+
Mac Marshal follows forensic best practices, maintains a detailed log file of all activities it performs, and produces reports in RTF, PDF, and HTML formats.
+
 
+
Version 1.0 was released in January 2009, available at no cost to US law enforcement, with a commercial version available to non-law enforcement.  Version 2.0 was released in November 2010, adding live analysis in the Field Edition and the ability to take a snapshot of the target machine's physical RAM.  Version 3.0 was released in November 2011 and can run on both Mac OS X and Windows XP and later.
+
 
+
 
+
=Authors=
+
Mac Marshal was developed by ATC-NY, supported in part by the US National Institute of Justice (NIJ).  The project was originally named MEGA.
+
 
+
= External Links =
+
* [http://www.dfrws.org/2008/proceedings/p83-joyce.pdf DFRWS'08 Mac Marshal paper (pdf)]
+
* [http://www.macmarshal.com/ www.macmarshal.com]
+
* [http://www.atc-nycorp.com/ ATC-NY]
+
 
+
[[Category:Macintosh forensics tools]]
+

Latest revision as of 20:59, 12 February 2009