David Martin describes how to use OSX as a forensic platform
https://www.sans.org/reading-room/whitepapers/apple/os-forensic-platform-37637
Abstract: The Apple Macintosh and its OS X operating system have seen increasing adoption by technical professionals, including digital forensic analysts. Forensic software support for OSX remains less mature than that of Windows or Linux. While many Linux forensic tools will work on OS X, instructions for how to configure the tool in OS X are often missing or confusing. OS X also lacks an integrated package management system forcommand line tools. Python, which serves as the basis for many open-source forensic tools, can be difficult to maintain and easy to misconfigure on OS X.
Due to these challenges, many OS X users choose to run their forensic tools from Windows or Linux virtual machines.While this can be an effective and expedient solution, those users miss out on the much of the power of the Macintosh platform.
This research will examine the process of configuring a native OS X forensic environment that includes many open source forensic tools, including Bulk Extractor, Plaso, Rekall, Sleuthkit, Volatility and Yara.This process includes choosing the correct hardware and software, configuring it properly, and overcoming some of the unique challenges of the OSX environment. A series of performance tests will help determine the optimal hardware and software configuration and examine the performance impact of virtualization options
Cybersecurity expert building a safer Internet
8 年Great paper. Well done David M. Martin, and thanks for sharing it Stephen Northcutt