![]() First and foremost, we must determine if the computer is on or not. There are some necessary steps to perform prior to actually starting your collection. This tutorial also assumes that you have the necessary credentials to access the device It is assumed that you are already aware of them, and will follow them in every case. This tutorial does not get into evidence intake procedures. If this is your first time dealing with acquisition of Apple computers, now is not the time to practice on a real case. If, after reading this, there are still things you don’t understand, STOP before you START. This tutorial is about as simple and “step-by-step” as it gets. Read all instructions FIRST, before attempting. Instructions and screen shots are from El Capitan. This has NOT been tested on every Apple OS, but I have tested it on Mountain Lion, Mavericks, Yosemite, and El Capitan. The instructions below are designed to create a forensic image of a Mac Computer via the command line and Target Disk Mode, so that you don’t have to spend piles of money on acquisition programs. PI, GSEC, GCFE, GCFA, EnCE, BAI, CDRP, CEH
0 Comments
Leave a Reply. |