Making complex data simple and compelling
From digital device to digital evidence
Unlock your vehicle's digital evidence potential
Forensic Analysis and Enhancement
Investigating and analyzing financial records
Gain access to the online accounts of deceased loved ones
Clear, precise evidence for a messy world
Expert reports to suit your specific needs
We can locate people anywhere
Stop worrying and learn the truth
Prevent, Detect, Respond To Cyberattacks
First response is crucial. Every minute counts.
The first response is critical to reduce liability
Detection & Removing Spyware Services
Reduce your electronic risk from digital transmittals
Find out who you are really talking to
Experienced, Confidential Services
Swift, professional incident response
Complicated cases require compelling digital facts
Find, recover and document digital evidence
Bring solid evidence before a judge
Cases can be investigated using Social Media
Divorce, custody battles, and other
Win the most important battle of your life
Everything you need
Effective Expert Witness in Court
Evidence shows who is telling the truth
Subpoena power yields strong evidence
Digital evidence can build a strong defense
Go to court with compelling digital evidence
In 34th episode of the Digital Forensic Survival Podcast Michael Leclair talks about his favourite tools for OS X forensics. He presents a wide list of forensic tools, which can be used for solving common problems, such as imaging, file analysis, data carving, decryption, email analysis, etc. Here is the full list of tools discussed in the podcast:
RECON for Mac OS X – Automated Mac Forensics, RAM Imaging, Search features, Live Imaging and Timeline generation.
PALADIN – Free imaging option. Offers remote imaging feature where client boots system and examiner can access to complete imaging tasks. You can use it for Fusion drives though you have to reassemble in terminal afterwards.
File XRAY – Low level file explorer.
DCFLDD – for imaging in Terminal.
File Juicer – automated datacarving.
Xcode – free from Apple, OS X add-on.
SQLITE Database Browser – Firefox has a plugin that works well (off line).
PLIST Editor Pro
Stellar Phoenix Data recovery tools – one of the best I have found for comprehensive data recovery, resurrecting formatted volumes, etc.
PASSWARE – for attacking Filevault2 protected volumes and Keychains.
EXIFTOOL – metadata parser.
iBored – hex editor.
EASY FIND – Another option for searching mounted DMGs on a Mac that offers options Spotlight does not.
Emailchemy – Email converter.
NTFS for Mac
Save my name, email, and website in this browser for the next time I comment.
Speak to a Specialist Now
Get Help Now