To better facilitate the viewing on modern devices, the OSX Forensics Blog has been changed to be viewable on any mobile devices, even the standard page is pretty cool, allows for the use of gestures on modern tablets.
Katana Forensics now has a Law Enforcement Version and a public Version of Lantern Lite – “The iOS Physical Imager” Now everyone has the capacity to image iOS Devices. All ranges of Forensics and Security have the ability to analyze these devices. See the details at http://www.katanaforensics.com.
Now in until Sat. Nov. 26, 2011 Katana Forensics is having a black Friday sale. 10% off on the popular Lantern iOS Forensic Software. You’ll never see this offer again!!! GET IT HERE —>Katana Store
Katana Forensics has updated its FREE time converter application. This time it converts Mac Absolute Time and Unix Epoch Time. Most can’t distinguish which is which. This updated app already knows and converts the values on the fly. Just copy and paste. Visit http://www.katanaforensics.com and get the FREE application. Another tool for your war chest.
Lantern Lite, the open source project has taken its first step. It was released to Law Enforcement. After some modifications and improvements, the utility will be released to the public. Security professionals will finally have access to a free tool to examine iDevices.
This is meant for all that do forensics, and keeping it free and away from forensic tool makers that can’t innovate, just copy. The days of paying to image an iDevice is over. It is parsing the data where one uses grey matter.
Further information can be seen at www.lanternlite.org
Below is a PDF on how to bring in an image created by MPE+ and Parsed by Lantern 2.0
My good friend Shafik Punja asked “Remember how you showed me to take a Lantern case file and bring it into Encase?” I responded that I did remember showing him how to do it. Shafik he asked me to place this blog so that others can benefit from this as well. So here it is using a case folder using the new Lantern 2. This will also work using FTK. Unfortunately I do not have FTK running in my VM, so this method can also work the same way. For this demonstration I am using Parallels. Just like it better now, but again, if you have VMware Fusion, this will work also.
1. Acquire an iDevice using Lantern.
2. Start you Windows virtual machine
3. Depending on your VM software, set up file sharing
4. Copy the Lantern case file (the icon that looks like a briefcase) and bring it into Windows. As you see in the following figure, the case file looks like a file folder. The Lantern case file in 2.0 is an Apple/Mac package. Basically a folder. Windows 7 sees this package as a folder.
5. Open You windows base forensic tool, in this demonstration open Encase and create a case.
6. Then just drag and drop the Lantern folder into Encase as seen below,
7. Then you can run whatever process you care to do at this time. It is just that simple!
For older Lantern version 1 case files. It is essential a Zip file. Just unzip the files and bring them into Encase or FTK using the same method as described above. If you have any questions drop me an email. info@katanaforensics.com
Here is a short PDF on imaging the MacBook Air wth WinFE+FTK Imager
Interesting read,
http://www.llrmi.com/articles/legal_update/2011_co_schutter.shtml
