Digital Collector (原為 MacQuisition)

強大的法醫成像軟體解決方案，用於Windows和Mac電腦執行分類，即時數據採集和目標數據收集。

這是一種功能強大且功能完備的分類和數據收集工具。作為當今市場上唯一為 Windows 和 Mac 提供即時和死盒成像 (dead box imaging) 的數位智慧解決方案，Digital Collector是數位智慧工具箱中必用的工具。專為調查人員在現場或實驗室中進行快速分類和分析而設計。

特色

Triage Devices

• Determine if relevant data exists prior to imaging
• Browse through files and folders of the device and any connected storage
• Search for data on devices with advanced search features
• See file previews of images on Windows computers and all file types supported by Mac computers
• Select files and folders to collect while triaging with the Browser and Search views

Perform Targeted Data Collection

• Selectively acquire email, chat, address book, and other data on a per-user, per-volume basis
• Create physical images of Macs with the Apple T2 chip
• Target and forensically acquire files, folders, and user directories while avoiding known system files and other unneeded data
• Authenticate collected data using any or all MD5, SHA-1, or SHA-256 hash functions 

Collect from Live Systems

• Capture RAM, volatile memory, and targeted collections live on Catalina
• Capture important live data such as Internet, chat, and multimedia files in real time
• Save live collections to a forensically-sound destination device 

Create Forensic Images

• Support for imaging APFS Fusion drives
• Automatically recognizes a combined volume from a Fusion Drive and presents it for imaging
• Decrypt FileVault 2 volumes if the password, Keychain file, or recovery key is provided, and then mount the volume as read-only to allow triage, collection of specific files, or imaging
• Write-protect source devices while maintaining read-write access on destination devices 

系統需求

System Compatibility & Requirements
Digital Collector will run on live Windows computers with 64-bit hardware running Windows 10, version 1909 and newer. It will forensically boot Windows computers running Windows 10 and may start older Windows operating systems.

It is officially supported to run on live Mac computers with these operating systems.

• macOS Catalina 10.15
• macOS Mojave 10.14
• macOS High Sierra 10.13
• macOS Sierra 10.12
• OS X El Capitan 10.11

While Digital Collector may run on older versions of Mac operating systems, it is no longer officially supported.

Digital Collector will forensically boot Mac computer models made from 2015 through 2019. If you need to work with older Mac computers, you may downgrade the SSD to the previous version.

SOFTBLOCK

SoftBlock™是一種基於軟體的取證寫入阻止工具。SoftBlock可快速識別新連接的硬體設備，並根據用戶偏好使用只讀或讀寫權限安裝設備。該取證軟體旨在滿足大型數位取證實驗室和個人法醫從業者的需求。SoftBlock允許取證審查員在導入數據之前快速安全地預覽證據設備上包含的數據。SoftBlock可以在法醫檢查員的分析機器上運行; 不需要額外的昂貴或笨重的硬體。

特色

Quickly Identify Attached Hardware Devices

• Support For Mac Os X SoftBlock runs on OS X 10.9.5 – macOS 10.14.6.
• Scalability SoftBlock handles as many hardware devices as a forensic analysis machine allows.
• Mobility Avoid purchasing expensive write-blocking hardware. SoftBlock blocks data transfer at the kernel-level.
• Device Management A true time-saver. Quickly and safely mount and preview multiple external devices.
• Seamless Workflow Integration SoftBlock features an intuitive user interface. Once installed, SoftBlock runs in the background and is available for use on demand.