Difference between pages "Tools:Memory Analysis" and "Mac Marshal"

From ForensicsWiki
(Difference between pages)
(New page: The following tools can be used to conduct memory analysis == Memory Analysis Framework == * Volatility - A complete framework for analyzing Windows XP Service Pack 2 memory images. ...)
 
 
Line 1: Line 1:
The following tools can be used to conduct memory analysis
+
{{Infobox_Software |
 +
  name = Mac Marshal|
 +
  maintainer = [[ATC-NY]] |
 +
  os = {{Mac OS X}} |
 +
  genre = {{Macintosh forensics}} |
 +
  license = Commercial (free to law enforcement) |
 +
  website = [http://www.macmarshal.com/ macmarshal.com] |
 +
}}
  
== Memory Analysis Framework ==
+
Mac Marshal is a tool to analyze Mac OS X file system images. It scans a Macintosh disk image, automatically detects and displays Macintosh and Windows operating systems and virtual machine images, then runs a number of analysis tools on the image to extract Mac OS X-specific forensic evidence written by the OS and common applications.
* [[Volatility]] - A complete framework for analyzing Windows XP Service Pack 2 memory images.
+
  
== Browser Email Memory Tool ==
+
Mac Marshal follows forensic best practices and maintains a detailed log file of all activities it performs. It produces reports in RTF, PDF, and HTML formats, and runs on Mac OS X-based analysis machines.
* [http://www.jeffbryner.com/code/pdgmail pdgmail] is a python script to extract gmail artifacts from memory images. Made for images extracted with pdd, but works with any memory image.
+
 
 +
Version 1.0 was released in January 2009, available at no cost to US law enforcement, with a commercial version available to non-law enforcement.
 +
 
 +
=Authors=
 +
Mac Marhsal was developed by ATC-NY, supported by a contract with the US National Institute of Justice (NIJ).  The project was originally named MEGA.
 +
 
 +
= External Links =  
 +
* [http://www.dfrws.org/2008/proceedings/p83-joyce.pdf DFRWS'08 Mac Marshal paper (pdf)]
 +
* [http://www.macmarshal.com/ www.macmarshal.com]
 +
* [http://www.atc-nycorp.com/ ATC-NY]
 +
 
 +
[[Category:Macintosh forensics tools]]
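
Review bot: the added Authors paragraph misspells the product name as "Mac Marhsal"; it should read "Mac Marshal", matching the infobox `name` field and the other added paragraphs. In the infobox, `genre = {{Macintosh forensics}}` transcludes a template, and the rendered revision shows it as "Template:Macintosh forensics", so plain text or a category link would be the safer value there. The new headings `=Authors=` and `= External Links =` are level-1 while the replaced headings were level-2 (`== ... ==`); consider keeping level-2 for consistency.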

Revision as of 17:20, 9 February 2009

Mac Marshal
Maintainer: ATC-NY
OS: Mac OS X
Genre: Macintosh forensics
License: Commercial (free to law enforcement)
Website: macmarshal.com

Mac Marshal is a tool to analyze Mac OS X file system images. It scans a Macintosh disk image, automatically detects and displays Macintosh and Windows operating systems and virtual machine images, then runs a number of analysis tools on the image to extract Mac OS X-specific forensic evidence written by the OS and common applications.

Mac Marshal follows forensic best practices and maintains a detailed log file of all activities it performs. It produces reports in RTF, PDF, and HTML formats, and runs on Mac OS X-based analysis machines.

Version 1.0 was released in January 2009, available at no cost to US law enforcement, with a commercial version available to non-law enforcement.

Authors

Mac Marshal was developed by ATC-NY, supported by a contract with the US National Institute of Justice (NIJ). The project was originally named MEGA.

External Links