Name: Sumuri Recon
Mac Platform: Intel
OS version: 10.10.3
Processor type(s) & speed: na
RAM minimum: na
Video RAM: na
See text file for installation instructions. Tested on 10.10.3 and 10.8.5.
Recon from Sumuri is an application to triage OS X evidence. The application is preconfigured to find evidentiary artifacts on OS X 10.7 and later.
Designed for both the novice and advanced forensic examiner and/or investigator. RECON for Mac OS X contains powerful features in a simplistic interface. Simple configuration and fast results.
THE FUTURE OF MAC FORENSICS
Advanced output that can produce thousands of reports. Simple configuration and fast results. Engineered by SUMURI, a world leader in Macintosh and iOS forensics.
RECON for Mac OS X is designed to complete cases in minutes, not days or weeks.
RECON for Mac OS X is a single distribution that works in the field on live systems and also back at the lab to allow analysis of all popular forensic image formats.
RECON for Mac OS X can collect information from live running systems, write-protected hard drives or forensic images.
Preconfigured to find evidentiary artifacts quickly on Mac OS X filesystems (10.7 and above).
Rapid release schedule for updates and new module development.
Reporting formats – PDF, HTML, CSV and XML
Advanced Timeline Analysis.
Track and view a suspect’s location.
Recover user and system passwords.
Identify the origin of files.
Automatic chat timeline construction for iMessages and Skype.
Ability to customize and save templates.
Built-in virtual mounting for DMG and Expert Witness formats such as .e01 and .Ex01.
Advanced and in-module File Exporter.
Custom Plugin development available.
Identify and export Virtual Machines.
Volatile Data collection.
Ability to run against Time Machine backups