Big Sur, Big Changes

Anyone who has worked with Macs for a long time knows all the pains of updating new versions of their operating system. MacOS Big Sur is Apple’s latest operating system that launched on November 12, 2020 and came with a long line of updates to fix certain features that are not fully functional. Within a day when it launched, they released another version of Big Sur. We usually recommend not updating during early releases unless necessary. If so, we suggest dual booting to keep the old operating system and the new.

But worry not, dear reader, because SUMURI is fully prepared to support the latest macOS and is ready to roll out all-new RECON ITR and RECON LAB builds for Big Sur. We have been working tirelessly to ensure all of our software is ready for the biggest Apple update since 2006 (the last time they switched processors). Our development team continues to work as quickly as they can to update RECON as soon as possible when updates are released in macOS 11.

From a forensic perspective, the significant changes in Big Sur coming from the Apple M1 Chipset. Almost all Mac computers from this point forward will have Apple’s new proprietary processor, and it has changed the way we image Macs.

Since they are all made in-house by Apple, it allows them to control its security from a hardware level. These new processors are the biggest change we have seen with the new M1 Chipset Macs that have robust boot protection compared to the Intel Macs with the T2 Security Chipsets of the past.

As of right now, M1 Chipset Macs can only boot into a sealed version of macOS 11. In other words, third-party bootable imagers are not working. Apple also removed the ability to image using Target Disk Mode and replaced it with Sharing Mode. On top of this, users are strongly encouraged to enable FileVault when they are first starting new Apple Silicon machines meaning you will encounter this extra layer of security more than ever before. Having the user’s password is more important than ever before with Apple’s improvements in security.

The apparent death of the bootable imager for newer systems led us to change our approach to the acquisition of Mac computers. We anticipated this in the past and created RECON ITR to give examiners the capabilities to image in any situation. Our solution has shifted from using bootable imagers to live acquisition of the targeted machine. In addition, we are still supporting our bootable RECON IMAGER for “Legacy” Macs that have the ability to be imaged from an external boot environment.

Big Sur and the Apple M1 Chipsets have changed the way we look at imaging Macs, but we have already prepared for this. So, get yourself ready for macOS Big Sur with RECON ITR and RECON LAB.


Upcoming Courses
Share This Story, Choose Your Platform!
Related Posts
Scroll to Top