Briefly describe image examination methods for macOS.

What will be an ideal response?

ANSWER: After making an acquisition, the next step is examining the image of the file system with a forensics tool. The tool you use depends on the image file’s format. For example, if you used EnCase, FTK, or X-Ways Forensics to create an Expert Witness (.e0l) image, you must use one of these tools to analyze the image. If you made a raw format image, you can use any of the following tools:
• BlackBag Technologies Macintosh Forensic Software (OS X only)
• SubRosaSoft MacForensicsLab (OS X only)
• Guidance Software EnCase
• Recon Mac OS X Forensics with Palladin
• X-Ways Forensics
• AccessData FTK

Computer Science & Information Technology

You might also like to view...

Startup programs will always prompt the user before running

Indicate whether the statement is true or false

View

Computer Science & Information Technology

The bottom layer of the OSI model is

A) Data link B) Physical C) Network D) Transport

View

Computer Science & Information Technology