Mac Marshal Forensic Edition™
Mac Marshal Forensic Edition 3.0 is a software tool that runs on a forensic investigator's Mac workstation to automatically analyze a Mac disk image. Get the Forensic Edition here!
- Analyzes Mac OS X and dual-boot disk and partition images in multiple formats
- Analyzes configuration and log files from common OS X applications, such as Mail, Safari, iChat and Address Book
- Performs rapid searches using Spotlight file metadata
- Gathers comprehensive machine usage information
- Lists detailed information about every iPod and iPhone that has been connected to the machine
- Detects VMWare, VirtualBox & Parallels virtual machines
- Detects and analyzes FileVault-encrypted user directories
- Supports dd, EnCase, FTK, AFF, and Apple disk images
- Maintains an audit trail and generates detailed reports
New Features in 3.0!
- Mac Marshal can now run on Microsoft Windows XP and later, as well as Mac OS X!
- Full support for Mac OS X 10.7 ("Lion"), both as an analysis machine and an investigative target
- Analysis of iCloud configuration data
- Improved Bluetooth device history analysis, including more data about each device
- Improved analysis of Recent Items, including recently opened documents for each application
- Improved Spotlight search tools within Mac Marshal
- New optional "automatic update" feature
- A large number of speed and usability improvements throughout
- Mac OS X 10.4 through 10.7 (PowerPC G4 or newer, or any Intel processor), or Microsoft Windows XP or newer. (Spotlight searches and FileVault home directory analysis require Mac OS X.)
- 200MB disk space for installation
Click on the headings and images below to view Mac Marshal in action.