ATTENTION: The new home of the Digital Forensics Wiki is at https://forensicswiki.xyz/. Yeah, it's a silly name, but it was cheap.
This wiki will be going offline permanently in the near future. An exact date will be announced soon. Thank you for being a part of this community.
If you wish to work on the new forensicswiki, please join the Google Group forensicswiki-reborn

Mac Marshal

From ForensicsWiki
Revision as of 22:20, 9 February 2009 by Robjoyce (Talk | contribs)

Jump to: navigation, search
Mac Marshal
Maintainer: ATC-NY
OS: Mac OS X
Genre: Template:Macintosh forensics
License: Commercial (free to law enforcement)
Website: macmarshal.com

Mac Marshal is a tool to analyze Mac OS X file system images. It scans a Macintosh disk image, automatically detects and displays Macintosh and Windows operating systems and virtual machine images, then runs a number of analysis tools on the image to extract Mac OS X-specific forensic evidence written by the OS and common applications.

Mac Marshal follows forensic best practices and maintains a detailed log file of all activities it performs. It produces reports in RTF, PDF, and HTML formats, and runs on Mac OS X-based analysis machines.

Version 1.0 was released in January 2009, available at no cost to US law enforcement, with a commercial version available to non-law enforcement.

Authors

Mac Marhsal was developed by ATC-NY, supported by a contract with the US National Institute of Justice (NIJ). The project was originally named MEGA.

External Links