A DFIR tool to collect artifacts on macOS
☆56Mar 1, 2020Updated 6 years ago
Alternatives and similar repositories for macOSTriageTool
Users that are interested in macOSTriageTool are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- A small tool to easily mount APFS image on macOS for forensics.☆16Jul 30, 2020Updated 5 years ago
- macOS Artifact Intelligence Tool☆13Apr 30, 2019Updated 6 years ago
- A DFIR tool to analyze artifacts on macOS☆35Jan 18, 2021Updated 5 years ago
- Windows 10 Live Information viewer☆38Jan 27, 2022Updated 4 years ago
- CDIR Analyzer - parsers for data collected by CDIR Collector☆19Dec 11, 2025Updated 3 months ago
- Forensic Artifact Collection Tool for macOS☆119Jul 28, 2025Updated 7 months ago
- macOS forensic timeline generator using the analysis result DBs of mac_apt☆93Sep 7, 2023Updated 2 years ago
- R-CSIRT Linux Triage tool☆39Jun 28, 2018Updated 7 years ago
- CDIR (Cyber Defense Institute Incident Response) Collector - live collection tool based on oss tool/library☆167Oct 25, 2024Updated last year
- A python script to acquire multiple aws ec2 instances in a forensically sound-ish way☆38Nov 8, 2021Updated 4 years ago
- Run Sigma detection rules on logs from the new MacOS EndpointSecurity Framework☆22Jan 22, 2021Updated 5 years ago
- Attempt to replicate the functions of auto_rip by Corey Harrell in Python.☆12Aug 4, 2024Updated last year
- Web app built to allow digital forensic professionals to search for the forensic tools that will parse artifacts from various apps.☆18Apr 30, 2025Updated 10 months ago
- Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)☆68Sep 13, 2023Updated 2 years ago
- $MFT directory tree reconstruction & FILE record info☆326Oct 7, 2024Updated last year
- Windows 10 (v1803+) ActivitiesCache.db parsers (SQLite, PowerShell, .EXE)☆196Feb 16, 2023Updated 3 years ago
- An efficient tool for search files, directories, and alternate data streams directly from NTFS image files.☆28Mar 12, 2026Updated last week
- WLEAPP is an open source project that aims to parse Windows OS artifacts for the purpose of triage analysis.☆32Nov 16, 2023Updated 2 years ago
- Quick iOS Backup UnFunkerizor☆22May 25, 2021Updated 4 years ago
- ReWrite of AChoir in Go for Cross Platform forensic artifact collection and processing☆41Feb 28, 2026Updated 3 weeks ago
- A simple utility for stripping out either the SHA-1, MD5 or CRC values alone from the NSRL hash database☆14Nov 19, 2021Updated 4 years ago
- Windows Event Log "Microsoft-Windows-Partition%4Diagnostic.evtx" parser and devices' VSNs extractor.☆20Nov 28, 2023Updated 2 years ago
- Lepus-CTF frontend application☆11Nov 2, 2015Updated 10 years ago
- Google Filestream Forensic Tool☆22Mar 10, 2022Updated 4 years ago
- ☆24Mar 12, 2025Updated last year
- Module(s) related to reading SEGB (fka "Biome") data from iOS, mascOS, etc.☆29Sep 9, 2025Updated 6 months ago
- A parser of Windows Defender's DetectionHistory forensic artifact, containing substantial info about quarantined files and executables.☆117Jan 26, 2022Updated 4 years ago
- Yet another fseventsd parser for macOS forensics☆12Jul 20, 2024Updated last year
- A Windows REG file to enable all default PowerShell logging on a system with PowerShell v5 installed☆16Jun 20, 2016Updated 9 years ago
- This tool aims at parsing Microsoft Protection logs to provide relevant data to forensic analysts during incident responses.☆21Sep 30, 2022Updated 3 years ago
- my MSTICpy practice and custom tools repository☆11Apr 23, 2025Updated 11 months ago
- Trace ScriptBlock execution for powershell v2☆40Jan 14, 2020Updated 6 years ago
- ☆11Aug 3, 2018Updated 7 years ago
- CTI-URLScan is a command line tool to enable analysts to search URLscan.io submissions. Pull screenshot and DOM content. As well as, auto…☆11Mar 2, 2021Updated 5 years ago
- An NTFS/FAT parser for digital forensics & incident response☆224Oct 31, 2025Updated 4 months ago
- A series of python scripts to extract information from SQLite Data Files☆21Nov 15, 2025Updated 4 months ago
- OneDriveExplorer is a command line and GUI based application for reconstructing the folder structure of OneDrive from the <UserCid>.dat a…☆229Jan 6, 2026Updated 2 months ago
- Apple Pattern of Life Lazy Output'er☆641Feb 25, 2024Updated 2 years ago
- The Cold Disk Quick Response (CDQR) tool is a fast and easy to use forensic artifact parsing tool that works on disk images, mounted driv…☆343Jun 25, 2022Updated 3 years ago