A DFIR tool to collect artifacts on macOS
☆56Mar 1, 2020Updated 6 years ago
Alternatives and similar repositories for macOSTriageTool
Users that are interested in macOSTriageTool are comparing it to the libraries listed below
Sorting:
- macOS Artifact Intelligence Tool☆13Apr 30, 2019Updated 6 years ago
- A small tool to easily mount APFS image on macOS for forensics.☆16Jul 30, 2020Updated 5 years ago
- A DFIR tool to analyze artifacts on macOS☆35Jan 18, 2021Updated 5 years ago
- Forensic Artifact Collection Tool for macOS☆118Jul 28, 2025Updated 7 months ago
- Run Sigma detection rules on logs from the new MacOS EndpointSecurity Framework☆22Jan 22, 2021Updated 5 years ago
- Windows 10 Live Information viewer☆38Jan 27, 2022Updated 4 years ago
- macOS forensic timeline generator using the analysis result DBs of mac_apt☆93Sep 7, 2023Updated 2 years ago
- A python script to acquire multiple aws ec2 instances in a forensically sound-ish way☆38Nov 8, 2021Updated 4 years ago
- Attempt to replicate the functions of auto_rip by Corey Harrell in Python.☆12Aug 4, 2024Updated last year
- CDIR (Cyber Defense Institute Incident Response) Collector - live collection tool based on oss tool/library☆165Oct 25, 2024Updated last year
- Simple CLI utility to save off an image from every webcam hooked into a mac☆14May 20, 2021Updated 4 years ago
- R-CSIRT Linux Triage tool☆39Jun 28, 2018Updated 7 years ago
- CDIR Analyzer - parsers for data collected by CDIR Collector☆17Dec 11, 2025Updated 2 months ago
- Windows 10 (v1803+) ActivitiesCache.db parsers (SQLite, PowerShell, .EXE)☆196Feb 16, 2023Updated 3 years ago
- Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)☆68Sep 13, 2023Updated 2 years ago
- Web app built to allow digital forensic professionals to search for the forensic tools that will parse artifacts from various apps.☆19Apr 30, 2025Updated 10 months ago
- Windows Event Log "Microsoft-Windows-Partition%4Diagnostic.evtx" parser and devices' VSNs extractor.☆20Nov 28, 2023Updated 2 years ago
- Google Filestream Forensic Tool☆22Mar 10, 2022Updated 3 years ago
- $MFT directory tree reconstruction & FILE record info☆326Oct 7, 2024Updated last year
- Apple Pattern of Life Lazy Output'er☆635Feb 25, 2024Updated 2 years ago
- Quick iOS Backup UnFunkerizor☆22May 25, 2021Updated 4 years ago
- A series of python scripts to extract information from SQLite Data Files☆21Nov 15, 2025Updated 3 months ago
- Module(s) related to reading SEGB (fka "Biome") data from iOS, mascOS, etc.☆28Sep 9, 2025Updated 5 months ago
- Stand-alone parser for User Access Logging from Server 2012 and newer systems☆78Jan 9, 2024Updated 2 years ago
- Use "Full Disk Access" permissions to read the contents of TCC.db and display it in human-readable format☆40Jul 27, 2021Updated 4 years ago
- A preconfigured Windows-based system designed for rapid forensic investigations in both Azure and AWS.☆39Mar 25, 2024Updated last year
- Trace ScriptBlock execution for powershell v2☆40Jan 14, 2020Updated 6 years ago
- ReWrite of AChoir in Go for Cross Platform forensic artifact collection and processing☆41Updated this week
- A parser of Windows Defender's DetectionHistory forensic artifact, containing substantial info about quarantined files and executables.☆117Jan 26, 2022Updated 4 years ago
- Easy to extend initial access scenario to help with EDR testing on Linux and Mac☆26Mar 20, 2022Updated 3 years ago
- macOS (& ios) Artifact Parsing Tool☆1,003Updated this week
- Windows Thingies... but in Rust☆23Nov 12, 2022Updated 3 years ago
- ☆24Mar 12, 2025Updated 11 months ago
- WLEAPP is an open source project that aims to parse Windows OS artifacts for the purpose of triage analysis.☆32Nov 16, 2023Updated 2 years ago
- OneDriveExplorer is a command line and GUI based application for reconstructing the folder structure of OneDrive from the <UserCid>.dat a…☆229Jan 6, 2026Updated last month
- An easy to use PowerShell script to collect memory and disk forensics for DFIR investigations.☆341Dec 3, 2025Updated 3 months ago
- Golang Parser for Microsoft Event Logs☆105Nov 7, 2025Updated 3 months ago
- An NTFS/FAT parser for digital forensics & incident response☆220Oct 31, 2025Updated 4 months ago
- Indexer is a Python script that generates an .html index of files within a directory☆26Dec 18, 2021Updated 4 years ago