Mac and iOS forensics is truly a passion of mine that I genuinely want to share with the forensics community. While you may not work on a Mac or iOS investigation every day, the tools and techniques you learn in this course will help you with other investigations including Windows, Linux, and mobile.
It features an all-in-one forensic tool, a simple and powerful system, advanced low-level expertise, as well as clean and concise reports. This software has been used by various law enforcement agencies worldwide.
What is Forensic Software? Forensic software is a type of software that deals with digital forensic investigations for both online and offline crimes.
- The Importance of Knowledge in Mac Forensics. A great number of available apps are not supported by forensics software, and strong encryption can postpone or permanently block a forensic investigation.
Version 8 Beta
A Beta release of V8 of OSForensics for community testing and feedback is now available. Please see this forum post about the new features and the download link.
Older Versions
We are no longer working on older versions of OSForensics, but you can download the older versions of OSForensics on our website. This is purely for supporting users of the previous versions.
We recommend upgrading to Version 7 where possible, as we have improved many aspects of OSForensics and have addressed many issues based on user feedback.
If you do not wish to upgrade to Version 7, you can download old software releases here.
| Version | Download |
| --- | --- |
| OSForensics v6.1.1005 | Download |
| OSForensics v5.2.1007 | Download |
| OSForensics v4.0.1002 | Download |
System requirements
- Windows Vista, Win 7, Win 8, Win 10
- Windows Server 2000, 2003, 2008, 2012, 2016, 2019
- 32bit and 64bit support (64bit recommended)
- Minimum 1GB of RAM (8GB+ recommended)
- 200MB of free disk space, or can be run from USB drive
Download Hash Sets
OSForensics allows you to use Hash Sets to quickly identify known safe files (such as operating system and program files) or known suspected files (such as viruses, trojans, hacker scripts) to reduce the need for further time-consuming analysis. You can download some sample hash sets below. They are individually zipped.
| Hash sets | Size | Download |
| --- | --- | --- |
| Windows 10 Home v1709 build:16299 (x64) hash set | 37,376 KB | Download |
| Windows 8.1 Professional (x64) hash set | 10,228 KB | Download |
| Windows 8.1 (x64) hash set | 10,232 KB | Download |
| Windows 8 Professional (x64) hash set | 9,785 KB | Download |
| Windows 8 (x64) hash set | 9,785 KB | Download |
| Win7 Ultimate (32-bit) hash set | 18,825 KB | Download |
| Win7 Enterprise (x64) hash set | 11,670 KB | Download |
| Vista Business (32-bit) hash set | 8,475 KB | Download |
| Vista Business (x64) hash set | 8,069 KB | Download |
| XP Professional SP3 (32-bit) hash set | 1,889 KB | Download |
| XP Professional SP2 (x64) hash set | 1,456 KB | Download |
| Office 365 v1806 build:10228 (Win10) hash set | 1,528 KB | Download |
| Office 2007 Enterprise (Vista) hash set | 1,313 KB | Download |
| Office 2007 Enterprise (Win7) hash set | 1,978 KB | Download |
| Common Keyloggers hash set. Old set from 2010 | 124 KB | Download |
| Common Keyloggers hash set on Win10 64bit, 2019. Already bundled with OSF V7 | 281 KB | Download |
| Common Peer to Peer P2P tools hash set on Win10 64bit, 2019. Already bundled with OSF V7 | 1,177 KB | Download |
| Common Cryptocurrency tools hash set on Win10 64bit, 2019. Already bundled with OSF V7 | 761 KB | Download |
| Common VPN tools hash set on Win10 64bit, 2019. Already bundled with OSF V7 | 761 KB | Download |
The hash sets can also be purchased as a complete set pre-loaded onto a hard disk.
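
The matching idea behind hash sets, as an added example (not OSForensics code): files are classified by content digest, so a renamed known-suspect file is still flagged and a known-safe file altered by one byte drops to unknown. The in-memory sets, the SHA-256 choice, and the file names and contents are constructed assumptions; the on-disk hash set format is not described on this page.

```python
import hashlib
import os
import tempfile

def file_digest(path, algo="sha256", chunk=1 << 20):
    """Hash a file in chunks so large evidence files never sit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def triage(root, known_safe, known_suspect):
    """Sort every file under root into safe / suspect / unknown by content hash."""
    buckets = {"safe": [], "suspect": [], "unknown": []}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            digest = file_digest(path)
            if digest in known_suspect:      # suspect wins if a hash is in both sets
                label = "suspect"
            elif digest in known_safe:
                label = "safe"
            else:
                label = "unknown"            # only these need manual review
            buckets[label].append(os.path.relpath(path, root))
    return {k: sorted(v) for k, v in buckets.items()}

def demo():
    # Constructed sample content standing in for real files.
    os_file = b"constructed stand-in for an operating system DLL"
    keylogger = b"constructed stand-in for a keylogger binary"
    known_safe = {hashlib.sha256(os_file).hexdigest()}
    known_suspect = {hashlib.sha256(keylogger).hexdigest()}
    with tempfile.TemporaryDirectory() as root:
        files = {
            "kernel32.dll": os_file,            # matches the safe set
            "holiday_photo.jpg": keylogger,     # renamed, still matches by content
            "patched.dll": os_file + b"\x00",   # one byte added, no longer known
            "report.docx": b"constructed user document",
        }
        for name, data in files.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        return triage(root, known_safe, known_suspect)

if __name__ == "__main__":
    print(demo())
```
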
Installing the Hash Sets
To install the hash sets, you must download the individual zip files (linked above), and unzip them into the OSForensics program data folder.
On Vista, Windows 7, Server 2008+ & Win10, this would typically be the following folder (you may need to enable viewing of hidden directories to see it or enter it directly into the Explorer address bar):
C:\ProgramData\PassMark\OSForensics\hashSets
On XP and Server 2000/2003, it is typically something like this:
C:\Documents and Settings\All Users\Application Data\PassMark\OSForensics\hashSets
You will then need to restart OSForensics if you have it currently open. When you next start OSForensics, you should now find additional sets listed in the tree view under the 'Hash Sets' module.
Download Rainbow Tables
OSForensics enables you to use Rainbow Tables to retrieve passwords, provided that you have the hash of that password. Rainbow tables serve essentially as a time-memory trade-off in recovering the password behind a hash. That is, they store precomputed password-to-hash pairs, so that instead of generating these pairs on the fly, you can just search for a hash in the table to recover the password corresponding to that hash.
OSForensics can generate Rainbow Tables for different input parameters. Some example Rainbow Tables are available below for download. They are individually zipped. To install the Rainbow Tables for use with OSForensics, see 'Installing the Rainbow Tables' below. To use these rainbow tables for password retrieval, click the 'Retrieve Password with Rainbow Table' tab in the Passwords module of OSForensics. You can also download and use Indexed Rainbow Tables from rainbowtables.com (use RTI1 files only) with OSForensics.
| Rainbow tables | Size | Download |
| --- | --- | --- |
| md5_loweralpha-numeric#1-7_0_72656x4797112_OSF | 32.6 MB | Download |
| lm_alpha-numeric#1-7_0_23680x23656320_OSF | 172 MB | Download |
| sha1_loweralpha-numeric#1-6_0_4235x3708576_OSF | 20.4 MB | Download |
The rainbow tables can also be purchased as a set pre-loaded onto a hard disk.
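
The table names above encode the input parameters each table was generated with. As an added example (not OSForensics code), this sketch parses a name and checks whether a given password falls inside the table's plaintext space, which is the question a password-policy review needs answered. It assumes the names follow the RainbowCrack convention (algorithm, charset, length range, table index, chain length x chain count) and RainbowCrack's charset definitions; the `_OSF` suffix is treated as an opaque tag.

```python
import re

# Charset names as defined by RainbowCrack (assumed to apply to these tables).
CHARSETS = {
    "loweralpha-numeric": "abcdefghijklmnopqrstuvwxyz0123456789",
    "alpha-numeric": "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789",
}

# algo_charset#min-max_index_chainlen x chaincount, plus an optional tag such as _OSF
NAME_RE = re.compile(
    r"^(?P<algo>[a-z0-9]+)_(?P<charset>[A-Za-z-]+)#(?P<min>\d+)-(?P<max>\d+)"
    r"_(?P<index>\d+)_(?P<chain_len>\d+)x(?P<chain_count>\d+)(?:_\w+)?$"
)

def parse_table_name(name):
    """Split a table name into its generation parameters."""
    m = NAME_RE.match(name)
    if m is None:
        raise ValueError(f"unrecognised table name: {name!r}")
    spec = m.groupdict()
    for key in ("min", "max", "index", "chain_len", "chain_count"):
        spec[key] = int(spec[key])
    return spec

def keyspace(spec):
    """Number of candidate passwords the table was generated over."""
    n = len(CHARSETS[spec["charset"]])
    return sum(n ** length for length in range(spec["min"], spec["max"] + 1))

def chain_points(spec):
    """Plaintexts visited while building the table; merging chains repeat some."""
    return spec["chain_len"] * spec["chain_count"]

def in_keyspace(spec, password):
    """True if the table's plaintext space contains this password."""
    parts = [password]
    if spec["algo"] == "lm":
        if len(password) > 14:          # no LM hash exists past 14 characters
            return False
        password = password.upper()     # LM uppercases, then hashes 7-char halves
        parts = [p for p in (password[:7], password[7:]) if p]
    chars = set(CHARSETS[spec["charset"]])
    return bool(parts) and all(
        spec["min"] <= len(p) <= spec["max"] and set(p) <= chars for p in parts
    )

if __name__ == "__main__":
    s = parse_table_name("md5_loweralpha-numeric#1-7_0_72656x4797112_OSF")
    print(keyspace(s), round(chain_points(s) / keyspace(s), 2))
```

Because LM hashes each 7-character half on its own, a 12-character alphanumeric password is still inside the `lm_alpha-numeric#1-7` space, while the same password hashed with MD5 is outside the 1-7 table.
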
Installing the Rainbow Tables
To install the Rainbow Tables, you must download the individual zip files (linked above), and unzip them into the RainbowTables folder located in the OSForensics program data folder.
On Vista, Windows 7-10, and Server 2008 and up, this would typically be the following folder (you may need to enable viewing of hidden directories to see it or enter it directly into the Explorer address bar):
C:\ProgramData\PassMark\OSForensics\RainbowTables
On XP and Server 2000/2003, it is typically something like this:
C:\Documents and Settings\All Users\Application Data\PassMark\OSForensics\RainbowTables
If you already have OSForensics open, then you may need to click the 'Refresh' button under the rainbow tables display window to view the rainbow table/s you have added.
Part 1 of Ryan Faas' security series discussed the processes behind investigating inappropriate or criminal activities using data forensics, including the importance of not contaminating evidence by acquiring and working with forensic-quality disk images of affected hard drives. This article moves from the basic methods for performing a forensic investigation under Mac OS X to profiling the various tools that are available to perform such investigative work.
Hardware Write Blockers
Write blockers are physical devices that attach to SCSI, IDE, and SATA hard drives at one end and to a computer via FireWire or USB 2.0 on the other end. Similar to external drive enclosures, write blockers have one important additional feature: they prevent the computer from writing any data to the drive. As discussed in part 1 of this series, one of the principal rules of forensic investigation is to not contaminate your evidence, which even mounting a hard drive under normal conditions with Mac OS X (and most other operating systems) will do. While there are methods to acquire a disk image or copy of a disk using Mac OS X without using a write blocker, those methods are not foolproof and it is possible to accidentally mount or modify the evidentiary drive. Write blockers ensure that you cannot contaminate the drive and offer a way to prove that fact. They range in price from around $100 to upward of $500 depending on the features included.