SDF – Imaging Mac Fusion Drives
Welcome to the Surviving Digital Forensics series. This series is focused on helping you become a better computer forensic examiner by teaching core computer forensic skills – all in about one hour. In this class you will learn how to image a Mac using only a Mac and freely available software. This will give you not only an additional imaging option but also provide you a solution for imaging Mac Fusion drives.
As with previous SDF classes you will learn by doing. The class begins with a brief overview of the issue at hand. Then we set up our forensic systems and off we go. Learning is hands on and we will use low cost and no cost computer forensic tools to do so.
Expert and novice computer forensic examiners alike will gain from this class. Since we are doing it the SDF way we are going to teach you real computer forensic skills that you can apply using our method or customize to meet your needs. We cover basic imaging as well as some additional options you may need such as, splitting an image, using different hash algorithms, imaging partitions and more.
A Mac running OS 10.9+ is required for this course. If you are running 10.7 or 10.8 you likely will be okay, but a more up-to-date platform is recommended. The forensic tools we use are all freely available, so beyond your operating system all you need is the desire to become a better computer forensic examiner.
- Image a Mac using just a Mac and freely available tools
- Learn how to install DCFLDD on a Mac
- Learn how to use DCFLDD in Terminal
- Image Mac Fusion drives
- Apply different hashing algorithms to the imaging process
- Create segmented image files
- Target image partitions only