If you are interested in making a Kali bootable USB drive for the Mac, I have included some brief instructions at the bottom of the post. While I did get Kali to work, it did not seem to offer the extra protection that CAINE did to keep the examiner for inadvertently mounting the wrong drive. dev/sda), in Read-Only mode.' The examiner must take active steps, which includes nice Made specifically for computer forensics. CAINE stands for Computer Aided Investigated Environment.
Once booted into Linux, an imaging tool with a GUI, like Guymager, can be used to create an image in E01 or dd format.įor this post, I have selected the CAINE distro. If the Mac is already powered off, booting the Mac with a live Linux distro may be a good option. Many times cracking open something like a MacBook Air to grab a hard drive requires special tools and adapters which may not be readily available. The first option I am going to go walk through is imaging a Mac with a Live Linux bootable USB.