M1 MacBook and Forensics
Рет қаралды 8,335
2 жыл бұрынDo you need data recovery? Do you want to be featured in one of my videos? Contact me via email info@datarescuelabs.com
You can also find me at forensicguy.ca
Digital collector - A life saver with new M1 MacBooks
-------------------------------------------------------------------------------------
Links:
-------------------------------------------------------------------------------------
TikTok: / forensicguy
Instagram: / datarescuelabs.inc
Facebook: / datarescuelabs
-------------------------------------------------------------------------------------
Some of the tools that we use:
ruSolut Monolith adapter
ruSolut eMMC Adapters
ruSolut TSOP adapter
ruSolut Visual Nand Reconstructor
FlashExtractor
Z3X EasyJtag + UFS
JBC NANO
Hakko Soldering Iron FM-203
Hakko Rework Station 810B
Quick 8610W Rework Station
ACHI IR6500 BGA Station
PC-3000 UDMA
PC-3000 Portable III +SSD and nVMe
DeepSpar 3
DeepSpar 4
DeepSpar DPI PCI-E NVME Addon
DeepSpar Forensic Addon
DeepSpar Network Addon
ZXW Tools
Adobe Premiere CC
Adobe Photoshop CC
Camtasia Studio
Cellebrite UFED (Latest Version)
MSAB XRY
Magnet Forensics IEF
Magnet Axiom
X-Ways
FTK Imager
Various Linux Distros
-------------------------------------------------------------------------------------
Music:
Evil Needle - Dive chll.to/5ad90f75
cocabona - Daybreak chll.to/303c5685
Evil Needle, Misha - Dreams chll.to/d5cb0773
-------------------------------------------------------------------------------------
Stock footage:
Video by cottonbro from Pexels
Video by Kindel Media from Pexels
Video by RODNAE Productions from Pexels
Video by EKATERINA BOLOVTSOVA from Pexels
-------------------------------------------------------------------------------------
All graphics created by Data Rescue Labs
Need data recovery service? Forensic service?
Contact us today info@datarescuelabs.com
Data Rescue Labs Inc
145 Traders Blvd East Unit 8
Mississauga, Ontario
L4Z 3L3
Canada
Copyright (c) Data Rescue Labs Inc 2021
1-877-681-4131
www.datarescuelabs.com
#m1 #forensicguy #macbook #dfir
@fwd9609 2 жыл бұрын
Keep up the great videos. Looking forward to more forensic content!
@xkeyscore1120 2 жыл бұрын
Again, great insight buddy. Thank you so much.
@forensicguy 2 жыл бұрын
Thanks man!
@brycegnatek2642 11 ай бұрын
Can u make an updated video on how to forensically image the newest Apple computers with the T2 chip(because I know these are encrypted at rest so they cause a lot of troubles). I work as a forensic analyst and were having trouble trying to find an efficient and safe way to just pull the information with just reading it and not writing to the data? If so this would be greatly appreciated!
@zerodaydatarecoveryandfore1554 2 жыл бұрын
Nice video
@Datarecoveryguru1 2 жыл бұрын
"Do you read yours?!?" Hahaaha, good one
@forensicguy 2 жыл бұрын
😆😆
@315HUGHES 2 жыл бұрын
Did the user account you were able to view the contents of have a password/encryption set on it? I'm curious to know how digital collector was able to see items like chrome/firefox etc were able to be retrieved. Thanks, great videos as always.
@forensicguy 2 жыл бұрын
You’ll need the password it user has FileVault enabled
@Amm9 2 жыл бұрын
Had to image an M1 Macbook Air today using the same tool. I had to put the source device into TDM (Terminology may be off; I don't remember the exact name right now... long day), connect the host computer via USB-C, and collect system data. The tools manufacturer recommends imaging less than 100GB and creating separate images for system and user data. If anyone wants an update, let me know!
@RG6Snipers 2 жыл бұрын
Yes! Thank you for providing the answer in the comments, is it still called TDM? Or is it now recovery mode?
@Amm9 2 жыл бұрын
@@RG6Snipers I believe it is called recovery mode. M1 acquisition is a long process, and I needed to image the system data separate from user data. It was a success, ingested both images into a forensic platform and currently performing a malware analysis on the computer! I love forensics lol
@erikfranti 8 ай бұрын
It’s still called Target Disk Mode I believe. Recovery mode is different (gives you recovery options, startup items, etc.)
@cesarunlock8213 2 жыл бұрын
I'm interested in that UFED tool!
@cesarunlock8213 2 жыл бұрын
I have the UFED ☺️
@Ginric99 Жыл бұрын
I am guessing that even with the new tool the chances of recovering deleted files from the SSD is still almost zero because of trim/garbage collection?
@forensicguy Жыл бұрын
Chances are low, can still be recovered in some scenarios
@danielgrevan 2 жыл бұрын
Are the SSDs soldered on these MacBooks or because of the M1 encryption it's not possible to read the drive outside of the machine?
@forensicguy 2 жыл бұрын
Yes :(
@stolzoffd9761 2 жыл бұрын
What to do when the M1 macbook air is formatted and how to acquire the data. Need help.
@forensicguy 2 жыл бұрын
It’s gone :(
@MrThebigcheese123 2 жыл бұрын
Trying to get these tools but no price anywhere. Makes it hard to quantify overhead costs when these companies cant give you a rough figure without you having to sign yourself up for a sale. What happened to quotes haha.
@forensicguy 2 жыл бұрын
You have to email sales for a quote. All tools are like this, no one wants to list the price. I hate that too but that’s how it is unfortunately
@MrThebigcheese123 2 жыл бұрын
@@forensicguy Thanks for the fast reply! Ah, I know. It is funny how they determine the price depending on how important they think you are. Some people pay difference of £500-1000 for the same product haha. I wonder how they quantify the price from customer to customer.
@patrikh3576 5 ай бұрын
Could you get into a MacBook with FileVault? With a 15 digit alphanumeric password with both letters and numbers? And what if you take the hard drive out?
@forensicguy 2 ай бұрын
FileVault is extremely hard to crack, as most full disk encryption would be, even BitLocker with TPM which is almost impossible but doable with the right tools
@user-dn5qe8qb7z 2 жыл бұрын
Is it possible to recover deleted files after emptying trash on mac with trim ssd enabled/support? It'd be great if you can reply before i send my mac for a recovery service :((
@forensicguy 2 жыл бұрын
Depends on os, ssd and other factors but usually if it’s a modern mac then it’s less likely. I have videos on this topic
@RG6Snipers 2 жыл бұрын
You didn’t image an M1 MacBook? It requires a different procedure from booting to collector…
@forensicguy 2 жыл бұрын
That’s right, I said that in the video that I don’t have m1 to demonstrate on. Definitely watch for more on this subject in the near future
@Matschbacke25 2 жыл бұрын
What if FIleVault encrypted?
@forensicguy 2 жыл бұрын
Password will be needed unfortunately
@Mitikinho 2 жыл бұрын
Any chance of recovering any data after a factory reset from a encrypted phone?
@forensicguy 2 жыл бұрын
No chance
@levinszki Жыл бұрын
was that an iphone?
@MikeHunt-rw4gf 2 жыл бұрын
Algorithm. Thanks for the mention. Now I'm famous :)
@forensicguy 2 жыл бұрын
I really appreciate it brother!
@MikeHunt-rw4gf 2 жыл бұрын
@@forensicguy You're welcome.
@Boosted00 2 жыл бұрын
First two weeks in a row
@forensicguy 2 жыл бұрын
Damn! Nice!
@harshanisamarawickrama2209 2 жыл бұрын
Second. Hmmmm. Mr Stanko If you give Us gifts 📦 For This We will Try to Be First. ❤️. Nice Video. 😂 🤣 😅
@forensicguy 2 жыл бұрын
Haha You were almost first
@harshanisamarawickrama2209 2 жыл бұрын
@@forensicguy Thanks Mr Stanko. 💪 😎 😂 😂
Data Rescue Labs Inc.(ForensicGuy)
Рет қаралды 81 М.
KiKiDo
Рет қаралды 2,6 МЛН
Data Rescue Labs Inc.(ForensicGuy)
Рет қаралды 7 М.
SUMURI Forensics
Рет қаралды 2,9 М.
Data Rescue Labs Inc.(ForensicGuy)
Рет қаралды 1,1 М.
Vancouver Mac Service Centre
Рет қаралды 254 М.