Difference between pages "ASR" and "MacQuisition Boot CD"
From Forensics Wiki
(Difference between pages)
Uwe Hermann (Talk | contribs) (Redirect ASR -> ASR Data. Removed content, as ASR is not a tool, but a company. Content should be in the SMART and other articles.) |
Uwe Hermann (Talk | contribs) (Cosmetic.) |
||
| Line 1: | Line 1: | ||
| − | + | '''Blackbag''' is a forensic boot disk built for imaging [[Macintosh]] systems. | |
| + | |||
| + | |||
| + | =Features= | ||
| + | |||
| + | ==File Systems Understood== | ||
| + | |||
| + | * For Macs! Produces a [[dd]] image. | ||
| + | |||
| + | ==File Search Facilities== | ||
| + | |||
| + | ==Historical Reconstruction== | ||
| + | |||
| + | Can it build timelines and search by creation date? | ||
| + | |||
| + | ==Searching Abilities== | ||
| + | |||
| + | Can it search? Does it build an index? Can it focus on file types or particular kinds of metadata? | ||
| + | |||
| + | ==Hash Databases== | ||
| + | |||
| + | Can it create hashes of files and/or blocks? Can it compare these hash values to any databases? | ||
| + | What sort of hash functions does it use? | ||
| + | |||
| + | ==Evidence Collection Features== | ||
| + | |||
| + | Can it sign files? Does it keep an audit log? | ||
| + | |||
| + | =History= | ||
| + | |||
| + | ==License Notes== | ||
| + | |||
| + | Is it commercial or open source? Are there other licensing options? | ||
| + | |||
| + | = External Links = | ||
| + | |||
| + | * [http://www.blackbagtech.com/ Official website] | ||
| + | |||
| + | ==External Reviews== | ||
Revision as of 16:25, 21 March 2006
Blackbag is a forensic boot disk built for imaging Macintosh systems.
Contents |
Features
File Systems Understood
- For Macs! Produces a dd image.
File Search Facilities
Historical Reconstruction
Can it build timelines and search by creation date?
Searching Abilities
Can it search? Does it build an index? Can it focus on file types or particular kinds of metadata?
Hash Databases
Can it create hashes of files and/or blocks? Can it compare these hash values to any databases? What sort of hash functions does it use?
Evidence Collection Features
Can it sign files? Does it keep an audit log?
History
License Notes
Is it commercial or open source? Are there other licensing options?
