Home |  Log In  
Forensics and eDiscovery technologies for Mac OS X, Microsoft Windows, and Linux

Creating A Bootable Drive For MacForensicsLab Using DasBoot

Bootable acquisition drives are very handy for onsite acquisitions of suspect material. Creating a bootable acquisition drive for MacForensicsLab will allow the investigator to simply boot the suspect Mac from their bootable acquisition drive and acquire an image of the machine right to the acquisition drive. With SubRosaSoft.com's free utility DasBoot and the MacForensicsLab dual-boot DVD, an investigator can create their own forensic acquisition drive using any external FireWire or USB drive, large flash drive, or MP3 player. Here's how:

  1. First download SubRosaSoft.com's free DasBoot from the SubRosaSoft.com website.
  2. Install DasBoot, insert your MacForensicsLab dual-boot DVD into your machine, and connect your desired acquisition drive. Be aware that only Intel Macs can boot from USB so it may be wise to use a FireWire drive. Note: You must use the MacForensicsLab dual-boot DVD for two reasons. First it has been modified to boot both PowerPC and Intel based Macs. Most importantly, it has been specially modified not to mount or write to suspect drives when booted from (using other bootable CD/DVDs will cause the suspect drive to be mounted and written to, there-by compromising the forensic integrity of the drive).

    3. Creating a bootable forensics toolkit using a portable hard drive, ipod, or flash drive.

  3. Select the MacForensicsLab dual-boot DVD from the Source drop down menu. Then select your desired acquisition drive from the Destination menu (you may have to scroll down to find it).
  4. Drag and drop the MacForensicsLab application to the Applications area of DasBoot and it will be added to your list of software to be installed on your drive. By default some system tools such as Disk Utility, Terminal, and Console are added. You can simply click on the applications that you don't want to be installed. A red "X" will tell you they will not be included. You can also add additional applications by dragging and dropping them in the Applications area just as you added MacForensicsLab.
  5. Click the "Start the DasBoot process." button and your bootable acquisition drive will be created.

You can now boot from your acquisition drive by connecting it to the suspect Mac while it is shut down. Start the machine and hold the Option key. The system will prompt you to select a boot drive. Select your acquisition drive and the machine will boot from it. It has started, simply select MacForensicsLab from the applications listing and proceed with your investigation as usual.


Product 5/19

Boot A Mac From CD/DVDPrevious
Return to the Product List
NextCreating a Custom Bookmarks Folder in MacForensicsLab 2.9
 | Home | 

Copyright © 2006 - 2010 MacForensicsLab Inc.
Phone +1 (510) 870-7883 - Fax +1 (510) 868 3407
Mac and the Mac logo are trademarks of Apple Computer, Inc., registered in the U.S. and other countries.

Forensics Technologies - designed to perform investigations, for law enforcement and eDiscovery professionals.

MacForensicsLab - The only effective cross-platform weapon in the war on Cyber Crime and Digital Terrorism,
with unique tools designed to combat identity theft and child pornography.

Your IP Address is: 107.22.25.119