用户寻求免费工具分析iPad5的APFS格式物理镜像,Autopsy无法识别APFS。通过SSH连接jailbroken设备获取30GB镜像,需支持解析和文件 carving。 2025-4-24 00:26:50 Author: www.reddit.com(查看原文) 阅读量:6 收藏
Dedicated to the branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime. This field involves the application of several information security principles and aims to provide for attribution and event reconstruction following forth from audit processes. This subreddit is not limited to just personal computers and encompasses all media that may also fall under digital forensics (e.g., cellphones, video, etc.).
Hi everyone,
I'm looking for a free forensic tool that can analyze a physical image in APFS format from a 5th generation iPad. I tried using Autopsy, but it throws an error when I try to load the image—it seems like it might not recognize APFS properly.
To acquire the disk image, I connected to a jailbroken iPad 5 from another Linux machine over SSH and used the dd command to copy rdisk1 to the Linux system. As far as I understand, rdisk1 represents the physical image of the iPad. The resulting file is about 30GB, and the file command identifies it as APFS, so I believe the image acquisition was successful.
Now I’m trying to find a tool that can actually parse or analyze this image. Ideally, I’m looking for something that’s good at carving files too. Any recommendations would be greatly appreciated!
Thanks in advance.
如有侵权请联系:admin#unsafe.sh