Convert Raw To Dmg Mac

admin

On this Page:

I had need of this myself (Yes, it was acquired legally) and I realized I should put together a quick tutorial. Sorry for the cutoff at the end.

  1. The DMG file extension is associated with disk images created for Mac OS X. The DMG format has replaced older disk image formats used with Mac OS 9 and earlier versions of the operating system. DMG files are raw disk images that contain block data and may have one or two additional layers applied to add encryption and compression.
  2. All you really need to do is double-click the DMG file to open it and mount it to your Mac. The DMG mounts in two places: on your desktop and in the Finder sidebar under your hard drive. Clicking either one of these opens the DMG file. When you open a DMG file, you’ll usually see two things: the app and a link to your applications folder.

1: Introduction – About DD Converter

What is DD Converter?

DD Converter is a simple Macintosh application for quickly converting a dd image, supported by most of the computer forensics applications, to Macintosh dmg image. Both dd and dmg are RAW Image Format used to store a disk or volume image. The RAW Image Format is basically a bit-for-bit copy of the RAW data of either the disk or the volume, without any additions or deletions. DD Converter will also perform conversion of split RAW, or multiple segment files.

DD Converter is extremely straightforward to handle. The easy-to-use interface allows the conversion to complete in just a few clicks.

DD Converter Features

Written specifically for Mac OS X, DD Converter includes powerful features that give the investigator a quick and easy way to convert RAW data image between dd format and the Mac OS-centric dmg format.

DD Converter will just perform a rename of the original file and will not affect the HASH value of the file.

2: Getting Started – The Basics of DD Converter

System Requirements

DD Converter is programmed to run on the following minimum specification:

  • Intel based Dual Core Apple Macintosh CPU, that is capable of running
  • Mac OS X (version 10.6 or above), with at least
  • 1 GB of RAM
  • Hard Disk (with 30 mb of space free for installation)

Installing or Updating via Download

Once the software has been downloaded from the site and decompressed, the user can drag and drop DD Converter from the mounted disk image into the Applications folder. If prompted to replace the existing version of the file, click Replace.

Initial Setup

The first time the application is launched the user will be asked to accept the End User License Agreement and then to enter a valid registration number.

Having done entering the serial number the user will then be taken to the Main Window.

Finding Help & Technical Support

Should the investigator need assistance working with DD Converter, there are a number of sources through which to get help:

Help within DD Converter

The investigator can find from the Help drop menu, which offers the option to “Show Help”, taking the investigator other relevant web pages on the SubRosaSoft web site.

Technical Support

Our technical support is free via email and can be accessed at the following address: support@subrosasoft.com. The support hours are 10am to 6pm Pacific Standard Time Monday to Friday.

/kenneth-hagin-mp3-free-download.html. In addition to any support question(s), the investigator must include ALL of the following pieces of information:

  • Purchase information.
  • System configuration(s) – hard drive make, model etc.
  • System OS version.
Dmg

System related information can be found by using the “System Profiler” application in the /Applications/Utilities folder.

3: Using DD Converter – Navigating the Windows & Using the Functions

The Main Window

Immediately after start-up, the investigator will be presented with the DD Converter splash screen. Once this has disappeared, he or she will then be taken to the ‘Main Window’.

The Layout

The main window layout is extremely straight forward. One button to convert DD image to DMG image and vice versa. Once you click on the Convert DD <-> DMG button, a choose file window will pop up allowing you to select either dd image or dmg image. Click on Open will proceed to convert the image to the other format.


Selecting a dmg image to convert to dd

To convert from dd to dmg, make sure you remove the chain of custody text file before you run it.

DD Converter will just perform a rename of the original file and will not affect the HASH value of the file.

In order to view E01 files, you will need to convert them to dd (using FTK Imager or other conversion utilities), then from dd to dmg.

4: Appendices – Getting Help and Technical Support

Finding Help within DD Converter

Help can be found both via the standard help menu at the top of the screen.

On the Web

We provide over 100 links to forensic resources, manuals, a complete knowledge base and a plethora of additional information on our website. For updates, resources and additional information please visit: https://www.subrosasoft.com

Technical Support

We provide free technical support both via email or phone during the hours 10am to 6pm Pacific Standard Time (GMT -8) Monday to Friday. By email, we can be reached at the following address: support@subrosasoft.com. By phone, we can be reached at: +1 (510) 870 7883, or by fax on +1 (510) 868 3407.

In addition to any support question(s), the examiner must include ALL of the following pieces of information:

  • Valid purchase information.
  • System configuration(s) – hard drive make, model etc.
  • System OS version.
  • System related information can be found by using the “System Profiler” application in the -/Applications/Utilities folder.

Comments and Questions

If you have comments, problems, or questions about this product, or if you are interested in a site license, please contact us via email: info@subrosasoft.com

Company Address:

SubRosaSoft.com Inc.
5387 Diana Common
Fremont, California 94555

Apple introduced a disk image format in the name of DMG file. DMG files are known as the proprietary disk image file for Apple that is used generally on Mac OS machines. Therefore, most users are in the habit of keeping image backup of their system data in the form of DMG files. Thus, DMG files prove to be greatly helpful from forensics point of view during investigation of an Apple machine. Apple DMG file can be generated with the help of default provided utility with Mac OS - Disk Copy (v10.2) and Disk Utility in version 10.3 and later. This blog offers information on the internal structure and built of a DMG file, which will further help in its forensics investigation.

Apple Disk Image

Apple disk image comes with a MIME type - application/x-apple-disk image and the built includes multiple layers of security to safeguard the contents of the disk image. A DMG file is structured with a secure password and compression technology as it development and usage is done mainly with the purpose of sharing software over web. However, the interest behind this blog is to dig up DMG file for forensic concern.

Starting With DMG Forensics

Processing a DMG

Double clicking on a DMG file on a Mac OS X machine will mount it as a drive thus; the contents can be accessed like that in a folder. During forensic investigation, it is necessary to keep all aspects in consideration while processing any artifact. Investigators commonly prefer mounting DMG to examine the storage in it.

However, the process of mounting also makes exchange/transfer of files in and out of the DMG therefore developing a threat of evidence manipulation. Thus, in order ensure the integrity of evidence; it has to be secured with locking. DMG files can be locked ascertaining that no spoliation of evidence takes place while it is mounted. As far as DMG files are concerned, they are available in multiple types that an investigator must be well aware of before starting the investigation. Download ford as build data.

  • READ-ONLY DMG
  • COMPRESSED DMG
  • READ/WRITE DMG
  • DVD/CD MASTER DMG
  • HYBRID DMG (HFS+/ UDF/ISO)
  • SPARSE DMG
  • SPARSE BUNDLE DMG

Challenge During Investigation

Challenges are what trouble investigators by acting as a hurdle. Thus, the most common challenge an investigator is supposed to face is an 'encrypted DMG file'. Encryption of the DMG file makes it quite a task to parse through the contents within.

Fact : DMG files are protected by 128 bit or 256 bit of AES Encryption, if applied.

Convert Raw To Dmg Macro

The Loophole

It is true that Apple DMG files can be encrypted and at times, this acts as a hurdle during its investigation. However, another fact that passwords are automatically remembered by Disk Utility makes the file vulnerable.

By default when encrypting DMG file, the 'Remember Password in my Keychain' checkbox is checked on Disk Utility. Therefore, in most cases it is possible to find out the encryption key or crack it from the keychain file as the checkbox is usually neglected by users. Unless the option is unchecked, a copy of the key is saved in the keychain file on the same machine by Disk Utility. If the password is stored in a keychain file then a command line utility can be used for accessing it programmatically.

Otherwise, an encrypted DMG can be accessed with the help of a dictionary attack that may or may not be able to break its security.

Tip for DMG File Forensics

DMG files are best from forensic standpoint as they can be locked with password without the use of any external program for the same. The lock prevents the DMG file from being modified during forensics email examination in any way or by any bit. Mounted DMG file can be parsed through and investigated without the chance of changing its contents or even the metadata.

Technically a DMG file is no different from a raw format of .dd file. They both are the same while the only difference is encountered with their extension. Yet one can literally change a DD image to .dmg by renaming the extension and back to the same. However, this has risk of evidence spoliation especially with the metadata denoting the activity track. However, DMG files still have an added benefit on being accessed over an Apple machine, i.e. the file gets mounted with all of its data like a disk volume just with a double click.

Conclusion:

Convert Raw To Dmg Macros

A proprietary format, the DMG file can only be accessed and parsed on an Apple machine. However, the involvement of a third party application built to open dmg file in windows & to reverse engineer the structure can enable the possibility of accessing the file on a machine other than Apple Mac without the use of Disk Utility.