Fuji
Graphical interface for the forensic logical acquisition of Mac computers
GPL-3.0 License
Stars
41
Ecosystems:
macOS
Bot releases are visible (Hide)
Fuji: Forensic Unattended Juicy Imaging
Sysdiagnose and more
This release includes several enhancements and bug fixes, along with a few interesting new features:
-
Sysdiagnose acquisition method (#10): This new functionality acquires system data and unified logs using the
sysdiagnosecommand. Fuji will automatically convert the Unified Logs to SQLite for you, making analysis much easier. -
List of drives and partitions (#15): Fuji now includes a table of drives and partitions, along with information about them. Mounted partitions can be set as the source with a single click. Thanks to @BrunoFischerGermany for the suggestion (#12) and the initial proof-of-concept implementation (#13). The "used space" for the main
/mount point is estimated by examining the state of the whole APFS container. - Better support for old macOS versions (#14): The ASR and Rsync acquisition methods have been tested successfully even on macOS versions as old as 10.13 High Sierra (released in 2017). See also #8. Please note that the Sysdiagnose acquisition method needs more testing and verification on legacy OSes.
⚠️ Carefully read the README file before using this software. ⚠️
Fuji
- 1.0.0 - First public release
Published by Lazza 5 months ago
Fuji: Forensic Unattended Juicy Imaging
First public release
This is the first public release of Fuji, a logical acquisition tool for Mac computers. It includes two different modes:
-
ASR: Apple Software Restore logical acquisition.
This is the recommended option, but it works only for volumes. -
Rsync: Files and directories are copied using Rsync.
This is slower but it can be used on any source directory. Errors are ignored.
Carefully read the README file before using this software.