To investigate a stolen device, you can use the free tools provided by the Mac OS X forensics community. Using these tools, you can obtain the full details of a suspect's device. For example, a phone forensics tool such as Autopsy will recover messages and call logs. Additionally, you can also access photographs. Some of these programs are even capable of analyzing geolocation metadata. You can even see who the suspect chatted with on the Internet, and what websites they visited.
One such application is Disk Arbitrator, a forensic utility for Mac OS X that helps ensure proper forensic procedures are followed when imaging a machine. Disk Arbitrator is an interface to the Disk Arbitration framework, which lets a program participate in the management of block storage devices. It prevents automatic mounting of file systems, preventing them from mounting as read-write, and performing other tasks. Volafox, formerly known as the Mac OS X Memory Analysis Toolkit, is another incredibly useful archiving tool. It can analyze backup logs and SetupAPI logs.
Other free mac forensic tools include Autopsy and Magnet Encrypted Disk Detector. This latter tool is a command-line application that searches a physical disk for encrypted volumes and helps locate them. It can also help identify malicious files. Some of these tools have very powerful features. However, they are not without limitations. So, be prepared to spend some time researching these applications and getting the most out of them.
FTK Imager is another free Mac forensic tool. This tool allows you to examine the contents of a file or folder. It is also capable of generating forensic images. You can use this tool to review information extracted from files. It can even create hashes for them, which can help you identify malicious activity. In addition to these, FTK Imager can help you recover deleted files from Recycle Bins.
Apart from the forensic tools, you can also use Linux dd to create a raw image of a file or folder. With this tool, you can capture the contents of a file or folder without modifying the data. Then, you can analyze the image by searching for hidden files in the directory. With this, you can also get the location of an attacker's target PC. You can easily find the IP address of the suspect with this tool.
The forensic tools available in the Mac OS X are largely categorized by type. There are several applications available for detecting cybercrime. Some are useful in analyzing emails and other documents, while others are simply used to scan files and directory images. Some of these programs are useful for a wide variety of tasks. If you need to recover a password, FTK Imager is an excellent choice. With this program, you can perform a search of any mac OS forensic tool.