In continuing development of great digital forensics tools, 504ENSICS Labs is excited to release a new major update to our Spotlight Inspector tool, Spotlight Inspector v1.1 Beta, for public beta (link here). Spotlight Inspector aids in the analysis of OS X Spotlight databases, a great source of information on file metadata and usage on OS X computers.
We’ve performed some optimizations on the store.db parsing functionality, improving the speed of the application. Additionally, we reworked reports so that sorting and navigating is much faster and we’ve removed the limit on how many objects are shown in the results table. This fixes sorting to properly work on all results instead of only the first 5,000 objects. Tested and working with OS X Mavericks
Thanks to user feedback (we’re looking at you, @iamevltwin), we’ve identified and corrected an issue where some objects’ display names were being incorrectly parsed (often as “ja”).
So far we’ve taken some great steps in making Spotlight Inspector a complete and indispensable tool for digital forensics on OS X (we hope). We’re not stopping here of course – we will continue to refine the current functionality and add new and exciting features. These are just some of the things we have in development for future releases:
• Improvements to search functionality for quickly finding interesting information across any number of reports
• Refining the way reports are navigated to reduce clutter and improve workflow
• Compatibility with spotlight version one store.db files
• Command line interface
• Store.db file carving integration
Also, we’d love to hear from you if you have any feature requests or bug reports, or just to say hi. We can be reached at firstname.lastname@example.org.
The 504ENSICS Team