AIS, Inc. announces the availability of their newest software product, MacResponse LE™. MacResponse LE is designed to provide law enforcement with critical capabilities needed to reliably collect and analyze data from live computer systems running various versions of Mac OS X.
MacResponse LE was developed by AIS, Inc. through a National Institute of Justice (NIJ) Electronic Crime grant and is available for free.
Current Version Available: MacResponse LE™ v1.0
MacResponse LE™: Live Acquisition
MacResponse LE™: Live Acquisition includes the following modules:
- Disk Information
- Filesystem Information
- FileVault Detection
- Spotlight Application List
- Loaded Drivers
- Login Sessions
- Network Configuration
- Network Connections
- Physical Memory
- Process Information
- Property Lists
- Screenshot
- System Information
- System Date and Time
- User Information
Known Limitations:
- Physical Memory module does not currently work for OS X 10.7
- Physical Memory module requires admin privileges
- Process Information module collects limited data without admin privileges
- Spotlight Application List module carries a dependency to Mac’s Spotlight application
- The user can limit the effectiveness of this module by either disabling Spotlight, or by applying Spotlight filters to not show specific applications in the listing
Dependencies:
- None, assuming it is being run against one of the listed supported Mac OS X versions
MacResponse LE™: Analysis Console
MacResponse LE™: Analysis Console has been tested against the following operating systems:
- Mac OS X 10.6 (32 and 64 bit)
- Mac OS X 10.7 (64 bit)
- Windows XP (32 bit)
- Windows Vista (32 and 64 bit)
- Windows 7 (32 and 64 bit)
- Ubuntu Linux 11.04 (32 and 64 bit)
- Ubuntu Linux 11.10 (32 and 64 bit)
MacResponse LE™: Analysis Console provides a platform for viewing the data collected by the Live Acquisition component of MacResponse LE™, and for generating custom reports. The Analysis Console provides:
- Data viewing/browsing
- Custom report generation (include/exclude data from selected modules)
- PDF exports
Dependencies:
- MacResponse LE™: Analysis Console was built with Java SDK version 6, and requires a minimum of Java version 6 JVM running on the target operating system.
For more information, visit www.macresponseforensics.com.