It is highly recommended, whenever possible, to use Apple-native disk images (.dmg or .sparseimage) when processing using MacOS-based forensic tools such as RECON LAB.

Non-Apple-native forensic image formats require the use of a translator, such as FUSE for MacOS, and should be avoided when possible.

When attempting to mount any non-Apple-native disk images while using RECON LAB, please check the following for each and every case:

1. Make sure that you have the most current version of FUSE for MacOS installed. When installing, please be sure to give permission through System Settings > Privacy & Security. If you do not give permission, you will not be able to mount EWF formats.
2. Check to make sure that FUSE for MacOS is installed properly. Even if it says "successful," check to see if the libraries exist in /usr/local/lib by running the following command from the Terminal: $ ls /usr/local/lib/*fuse* If the libfuse libraries do not appear remove FUSE and reinstall.
3. Check to make sure Full Disk Access is provided to RECON LAB through System Settings > Privacy & Security > Full Disk Access.

Occasionally MacOS will uncheck permitted applications during OS updates and patches. It is good practice to check that Full Disk Access permissions are provided before working on each and every case.