Chapter 9. Media Exploitation Analysis

The Mac is the best platform to conduct any examination of OS X and iOS volumes. Although some Windows tool are getting better, there is no substitute for a Mac, which can view file types that Windows can't discern. Inherently Windows can't read HFS volumes and often requires third-party applications to mount and then view the data.

In this chapter, we will review some of the techniques and tools that can be used to analyze physical images. We will discuss tools on the Mac and delve into Mac and Windows forensic tools such as MacForensicsLab, EnCase, and FTK.

Reviewing Exploited Media Using a Mac

In Chapter 5, we discussed looking at artifacts retrieved from logical analysis tools. In Chapter 8, we covered several ...

Get iOS Forensic Analysis for iPhone, iPad, and iPod touch now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

iOS Forensic Analysis for iPhone, iPad, and iPod touch by

Chapter 9. Media Exploitation Analysis

Reviewing Exploited Media Using a Mac

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly