Mac Marshal™ Digital Forensic Software
ATC-NY's Mac Marshal™ automatically extracts forensic evidence from Mac OS X systems, letting you conduct your investigations faster and more thoroughly. Mac Marshal scans a Macintosh disk, automatically detects and displays Macintosh and Windows operating systems and virtual machine images, then runs a number of analysis tools to extract Mac OS X-specific forensic evidence written by the OS and common applications. Mac Marshal Forensic Edition focuses on the analysis of Mac disk images on an investigator's workstation. Mac Marshal Field Edition can also analyze volatile system state data from live, running systems prior to seizure and disk imaging.
Mac Marshal follows forensic best practices and maintains a detailed log file of all activities it performs. It produces reports in RTF, PDF, and HTML formats, and runs on both Mac OS X and Microsoft Windows-based analysis machines.
The National Institute of Justice (NIJ) Electronic Crime Technology Center of Excellence recently evaluated Mac Marshal 2.0.3; read their report!
- Mac Marshal Forensic Edition™ 3.0.0, released November 2011
- Mac Marshal Field Edition™ 3.0.0, released November 2011