MacForensicsLab™ is the most powerful and cost-effective forensics tool on the market specifically designed to meet the demands of modern law enforcement and digital forensic investigators. In a world of limited resources and increasing demands, you may want more than one tool in your investigative toolbox, but you only need one; MacForensicsLab from SubRosaSoft.
Evidentiary integrity is maintained and protected with the utmost care. Fast, fault tolerant, verifiable acquisitions produce a reliable bit-for-bit exact replica of the original media, while maximizing data recovery, even with corrupted media. These forensic images are created with integrated segmenting and granular hashing. Inline processing allows for the creation of dual output images and associated hash files, reducing the time the forensic examiner spends in the data acquisition phase.
Featuring the most powerful data recovery engine on the market. MacForensicsLab allows forensics professionals to find and recover deleted and embedded files – then preview and recover them. Even swap space and unallocated space can be explored for evidence. MacForensicsLab finds the evidence you need.
A multi-threaded application optimized for use with either industry standard SQL database servers or the built-in database engine enables investigative collaboration by allowing investigators to simultaneously access and process any given case. Logs are kept of every action performed, every item found, and freeform notes can be taken during the case to tie them all together with your thoughts during the process. These can then be exported in HTML reports at any stage of the investigation.
Advanced image analysis technologies allows thumbnails and previews of graphic images to be automatically filtered by skin tone content, image, and file sizes, to quickly expose suspicious material. Files of interest can be bookmarked with a simple key stroke for more in depth analysis.
Keyword analysis and cataloging includes MD5, SHA-1, and SHA-256 checksum calculations. This allows the investigator to seek out items of interest across entire devices, within folders of files, and directly inside specific files. The catalog function has pattern matching for hash lists and searches for possible SSN numbers and Credit Card numbers.
Powerful auditing of the user’s preferences and settings greatly reduces the time spent by the investigator collecting and collating information of evidentiary value. This enhances and speeds up the process of tying the suspect to the machine or specific actions, into a single click of the mouse. Investigators can use this function to tell what the suspect has been using and doing on their system, including Wi-Fi connections, iPods, iPads, iPhones, web history and bookmarks, and general system preferences.
The ‘Hash’ function allows the examiner to perform an MD5, SHA-1 and SHA-256 hash on any given file located on the volume while exporting the results with the full path to a text file for easy reference.
- Extremely fast and verifiable media acquisition and data recovery.
- Multiple operations/tasks can be done at the same time.
- Perfect acquisition of devices that retain every detail of the original media. recovering
- The most powerful data recovery engine on the market increases the chance of data, even
- when the drive is damaged.
- Perform forensic acquisition and analysis on drives from Mac, Microsoft Windows, Linux, and other operating systems.
- Highly detailed logs to provide the investigator with as much information as possible when reporting.
- The unique Skin Tone Analyzer and fast traversal with file filtering means you don’t waste critical time searching unrelated files, allowing you to quickly find files of evidentiary value.
- Built-in SQL database engine for speed and collaboration.
- Built-in file viewing to preview documents.
- Right click functionality and contextual menus create a more logical expedient workflow.
System Requirements for Macintosh:
- System 10.6 or higher
- Macintosh with Intel processor
- 1GB RAM
- Second hard disk for storing recovered data
- USB port for USB license dongle (supplied with MacForensicsLab)