Our digital forensics lab receives Mac computers for examination more and more often. There are some powerfull forensic suites for OS X analysis, but also there are a lot of very useful open source tools and scripts. One of such scripts is MacMRU-Parser.

Have you ever dug for deleted shadow copies during your Windows forensic examination?

In this post we want to show you how to create Mac OS X memory image with Rekall’s OSXPMem tool.