FOR518 Ex 0 G01 01
Objectives
• Install required software for FOR518: Mac and iOS Forensic Analysis and Incident Response
Class Preparation
This process should take approximately 1 hour, including download time. Xcode is very large and will take a long
time to download; depending on your connection, this process could take longer.
You may use your host system or a virtual machine; however, this setup has not been fully tested in a VM. If
you choose to go this route, please be aware that not all tools may work as intended.
***NOTE: It is very important that steps 1–5 are followed in order to ensure proper software installation.***
You may download the files at their respective websites listed or you may download an archive of these files
here: http://for518.com/tools (excludes tools that are too large or that need to be done online). If you are in
class, the Tools directory on your thumb drives will provide these tools. Please use the application "The
Unarchiver" to extract the 7zip files (included on thumb drive).
Gatekeeper Settings:
• Some installer files are from “Unidentified Developers” or “Not from the App Store.”
• Users may allow these files to be installed by Control+clicking the installer file and choosing “Open.” A
window will pop up; select “Open.”
2. Please also download the latest Command Line Tools (for your version of the OS) from
https://developer.apple.com/downloads/
i. You may have to click “More Downloads” to access older versions.
3. Install Xcode (Note: This will take a while; grab some coffee.)
i. If installing via App Store, installation will be done for you.
ii. If installing via DMG file, open the DMG file and drag the application to the
/Applications directory.
2. macFUSE
1. Download macFUSE from https://osxfuse.github.io
2. Open the DMG file, double-click the package installer, and follow the default prompts.
$ mkdir -p /Library/Filesystems/osxfusefs.fs/Support/osxfusefs.kext
$ cd ~/Downloads
© 2021 Sarah Edwards FOR518 Lab 0 - 3
$ tar -xvf sleuthkit-4.#.#.tar.gz
$ cd sleuthkit-#.#.#
$ ./configure --disable-java
$ make
$ mmls -i list
6. Hex Editors
• You may choose your favorite; these are recommended:
i. Hex Fiend
1. Download from http://ridiculousfish.com/hexfiend/.
2. Unzip and move the application to the /Applications directory.
ii. 0xED
1. Download from http://www.suavetech.com/0xed/.
2. Open the BZip2 archive by double-clicking, then move the application to the
/Applications directory.
7. The Unarchiver
1. Download The Unarchiver from the Mac App Store or from
http://unarchiver.c3.cx/unarchiver, under the “Other Links” heading.
2. Double-click to unzip.
3. Drag the Unarchiver.app file to the /Applications directory.
8. Homebrew
1. Download the Mac package manager Homebrew from https://brew.sh/.
2. This web page will contain a script that you need to copy and paste into your Terminal window.
9. Volatility
1. Change directory back to your home directory using the ‘cd’ command.
2. Download and install Volatility using Homebrew.
3. Use the brew install command to do this.
1. brew install volatility
$ cd ~