Skip to content

1.2.0 - Recovery mode

Latest
Latest

Choose a tag to compare

View all tags
@Lazza Lazza released this 14 Feb 23:28
· 4 commits to master since this release
1.2.0
cc5bc7b

Fuji: Forensic Unattended Juicy Imaging

Recovery mode

Version 1.2.0 introduces a brand new way of running Fuji from an external USB device on both Apple Silicon and Intel Macs. The Fuji Cartridge can be started and then removed from the Mac, freeing a USB port and letting you start multiple Macs with Fuji in recovery mode, one after the other.

If the Mac does not use FileVault you will not need the user's credential.

The Sysdiagnose acquisition method now produces a ZIP file, includes many more logs and converts them to JSONL.

Enhancements and bug fixes

This release includes a lot of enhancements and bug fixes:

  • RAM-disk self-replication: Fuji replicates itself into a RAM-disk when run in recovery mode. This means you can disconnect and reuse your Fuji Cartridge drive.
  • Ditto acquisition method: This method is an alternative for Rsync, enabled only in recovery mode. This is the suggested method to use when running your Fuji Cartridge drive.
  • Automatic cleanup: Useless temporary files are not retained anymore after acquisition is completed.
  • Easier user interface: Only one method description is shown at any given time. The "output destination" field has been moved above the "temporary files" one, because the latter is usually left to the same default value.
  • Data volume selection: Fuji automatically selects the user data volume instead of the root drive. This is the recommended setting for "Full File System" style acquisitions.
  • Better colors: previous versions used very harsh shades of green and red.
  • Unified logs: many more logs are acquired now.
  • Sysdiagnose method: it produces a ZIP file instead of a DMG. SQLite has been abandoned in favor of JSONL, making Fuji easily interoperable with tools such as Timesketch. Moreover, the conversion takes a lot less time than before.
  • Acquisition timezones: start and end dates show a timezone now.
  • ASR method: the ASR method is no longer recommended due to occasional issues encountered by several users.
  • Enhanced build procedure: the new DMG format can be flashed with balenaEtcher.

Brand new docs

Please check out the new documentation website: https://fujiapp.top

Assets 3
Loading