ForensicsWiki will continue to operate as it has before and will not be shutting down. Thank you for your continued support of ForensicsWiki.

Difference between revisions of "Mac Marshal"

From ForensicsWiki
Jump to: navigation, search
(New page: {{Infobox_Software | name = Mac Marshal| maintainer = ATC-NY | os = {{Mac OS X}} | genre = {{Macintosh forensics}} | license = Commercial (free to law enforcement) | websit...)
 
Line 8: Line 8:
 
}}
 
}}
  
TBD...
+
Mac Marshal is a tool to analyze Mac OS X file system images. It scans a Macintosh disk image, automatically detects and displays Macintosh and Windows operating systems and virtual machine images, then runs a number of analysis tools on the image to extract Mac OS X-specific forensic evidence written by the OS and common applications.
 +
 
 +
Mac Marshal follows forensic best practices and maintains a detailed log file of all activities it performs. It produces reports in RTF, PDF, and HTML formats, and runs on Mac OS X-based analysis machines.
  
 
Version 1.0 was released in January 2009, available at no cost to US law enforcement, with a commercial version available to non-law enforcement.
 
Version 1.0 was released in January 2009, available at no cost to US law enforcement, with a commercial version available to non-law enforcement.
  
 
=Authors=
 
=Authors=
Mac Marhsal was developed by ATC-NY through a US National Institute of Justice (NIJ) grant.  The project was originally named MEGA.  
+
Mac Marhsal was developed by ATC-NY, supported by a contract with the US National Institute of Justice (NIJ).  The project was originally named MEGA.  
  
 
= External Links =  
 
= External Links =  
 
* [http://www.dfrws.org/2008/proceedings/p83-joyce.pdf DFRWS'08 Mac Marshal paper (pdf)]
 
* [http://www.dfrws.org/2008/proceedings/p83-joyce.pdf DFRWS'08 Mac Marshal paper (pdf)]
* [http://www.macmarshal.com/ macmarshal.com]
+
* [http://www.macmarshal.com/ www.macmarshal.com]
* [http://atc-nycorp.com ATC-NY]
+
* [http://www.atc-nycorp.com/ ATC-NY]
  
 
[[Category:Macintosh forensics tools]]
 
[[Category:Macintosh forensics tools]]

Revision as of 22:20, 9 February 2009

Mac Marshal
Maintainer: ATC-NY
OS: Mac OS X
Genre: Template:Macintosh forensics
License: Commercial (free to law enforcement)
Website: macmarshal.com

Mac Marshal is a tool to analyze Mac OS X file system images. It scans a Macintosh disk image, automatically detects and displays Macintosh and Windows operating systems and virtual machine images, then runs a number of analysis tools on the image to extract Mac OS X-specific forensic evidence written by the OS and common applications.

Mac Marshal follows forensic best practices and maintains a detailed log file of all activities it performs. It produces reports in RTF, PDF, and HTML formats, and runs on Mac OS X-based analysis machines.

Version 1.0 was released in January 2009, available at no cost to US law enforcement, with a commercial version available to non-law enforcement.

Authors

Mac Marhsal was developed by ATC-NY, supported by a contract with the US National Institute of Justice (NIJ). The project was originally named MEGA.

External Links