Briefly describe image examination methods for macOS.
What will be an ideal response?
ANSWER: After making an acquisition, the next step is examining the image of the file system with a forensics tool. The tool you use depends on the image file’s format. For example, if you used EnCase, FTK, or X-Ways Forensics to create an Expert Witness (.e0l) image, you must use one of these tools to analyze the image. If you made a raw format image, you can use any of the following tools:
• BlackBag Technologies Macintosh Forensic Software (OS X only)
• SubRosaSoft MacForensicsLab (OS X only)
• Guidance Software EnCase
• Recon Mac OS X Forensics with Palladin
• X-Ways Forensics
• AccessData FTK
You might also like to view...
The following steps are used for which process relating to a sequential file?
1 . Open the file for Output 2 . Use Read statements to assign data in each record to program variables 3 . Use the EOF function to determine the end of the file 4 . Close the file a. creating a file b. reading the contents of a file c. modifying the contents of a file d. merging two files
________ contain an area to add one or more data actions
A) Data groups B) After events C) Before events D) Data blocks
When charting the X-axis is also referred to as the:
A) horizontal axis. B) vertical axis. C) type. D) scale.
By holding down the Alt key you can select more than one object at a time
Indicate whether the statement is true or false