Configuring Enterprise to collect from the macOS managed Agent : Support Portal

Configuring Enterprise to collect from the macOS managed Agent Print

Modified on: Tue, Dec 21, 2021 at 10:23 AM

Overview

This article discusses how to configure Enterprise 7.3 or later to collect from the macOS Managed Agent.

A working Forensic Tools environment with Enterprise, Quin-C, and QView installed on the same machine
Enterprise and Quin-C configured to use internal authentication, not Active Directory authentication
An installed macOS Managed Agent
The target added as a Mac to the Agent List in Enterprise
Ability for the Examiner machine to see the macOS target over the desired port
A network share that both the Examiner machine and macOS target can see

In your desired case, go to Evidence > Add Remote Mac Data...
At the Mac Agent Collection dialog, select the desired target and click Connect to Agent
Click the gear icon in the upper-right corner
At the Disk Image Path dialog, specify a network share that both the Examiner machine and macOS target can see, and an account with full access to that share, and click OK
Proceed to select the folders, files, or volume you wish to collect/image
Click the Review button to verify what you wish to collect, and start the collection

Did you find it helpful? Yes No