A DFIR tool to collect artifacts on macOS
☆57Mar 1, 2020Updated 6 years ago
Alternatives and similar repositories for macOSTriageTool
Users that are interested in macOSTriageTool are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- A small tool to easily mount APFS image on macOS for forensics.☆17Jul 30, 2020Updated 5 years ago
- macOS Artifact Intelligence Tool☆13Apr 30, 2019Updated 7 years ago
- A DFIR tool to analyze artifacts on macOS☆35Jan 18, 2021Updated 5 years ago
- Windows 10 Live Information viewer☆40Jan 27, 2022Updated 4 years ago
- CDIR Analyzer - parsers for data collected by CDIR Collector☆21Jun 3, 2026Updated last month
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- Forensic Artifact Collection Tool for macOS☆120Jul 28, 2025Updated 11 months ago
- macOS forensic timeline generator using the analysis result DBs of mac_apt☆95Sep 7, 2023Updated 2 years ago
- R-CSIRT Linux Triage tool☆39Jun 28, 2018Updated 8 years ago
- CDIR (Cyber Defense Institute Incident Response) Collector - live collection tool based on oss tool/library☆173Oct 25, 2024Updated last year
- A python script to acquire multiple aws ec2 instances in a forensically sound-ish way☆37Nov 8, 2021Updated 4 years ago
- Run Sigma detection rules on logs from the new MacOS EndpointSecurity Framework☆22Jan 22, 2021Updated 5 years ago
- Attempt to replicate the functions of auto_rip by Corey Harrell in Python.☆12Aug 4, 2024Updated last year
- Web app built to allow digital forensic professionals to search for the forensic tools that will parse artifacts from various apps.☆19Jun 10, 2026Updated 3 weeks ago
- Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)☆69Sep 13, 2023Updated 2 years ago
- Proton VPN Special Offer - Get 70% off • AdSpecial partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
- Windows 10 (v1803+) ActivitiesCache.db parsers (SQLite, PowerShell, .EXE)☆196Feb 16, 2023Updated 3 years ago
- A command-line tool for searching files, directories, and alternate data streams directly from NTFS image files.☆29Jun 1, 2026Updated last month
- WLEAPP is an open source project that aims to parse Windows OS artifacts for the purpose of triage analysis.☆35Nov 16, 2023Updated 2 years ago
- Quick iOS Backup UnFunkerizor☆22May 25, 2021Updated 5 years ago
- ReWrite of AChoir in Go for Cross Platform forensic artifact collection and processing☆42May 18, 2026Updated last month
- ☆31Feb 12, 2026Updated 4 months ago
- A simple utility for stripping out either the SHA-1, MD5 or CRC values alone from the NSRL hash database☆14Nov 19, 2021Updated 4 years ago
- Windows Event Log "Microsoft-Windows-Partition%4Diagnostic.evtx" parser and devices' VSNs extractor.☆20Nov 28, 2023Updated 2 years ago
- Lepus-CTF frontend application☆11Nov 2, 2015Updated 10 years ago
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- Google Filestream Forensic Tool☆22Mar 10, 2022Updated 4 years ago
- ☆23Mar 12, 2025Updated last year
- Module(s) related to reading SEGB (fka "Biome") data from iOS, mascOS, etc.☆32Sep 9, 2025Updated 9 months ago
- A parser of Windows Defender's DetectionHistory forensic artifact, containing substantial info about quarantined files and executables.☆118Jan 26, 2022Updated 4 years ago
- Yet another fseventsd parser for macOS forensics☆12Jul 20, 2024Updated last year
- A Windows REG file to enable all default PowerShell logging on a system with PowerShell v5 installed☆17Jun 20, 2016Updated 10 years ago
- my MSTICpy practice and custom tools repository☆11Apr 23, 2025Updated last year
- Trace ScriptBlock execution for powershell v2☆40Jan 14, 2020Updated 6 years ago
- ☆11Aug 3, 2018Updated 7 years ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- CTI-URLScan is a command line tool to enable analysts to search URLscan.io submissions. Pull screenshot and DOM content. As well as, auto…☆11Mar 2, 2021Updated 5 years ago
- An NTFS/FAT parser for digital forensics & incident response☆234Oct 31, 2025Updated 8 months ago
- A series of python scripts to extract information from SQLite Data Files☆22Nov 15, 2025Updated 7 months ago
- OneDriveExplorer is a command line and GUI based application for reconstructing the folder structure of OneDrive from the <UserCid>.dat a…☆234Updated this week
- Apple Pattern of Life Lazy Output'er☆648Feb 25, 2024Updated 2 years ago
- The Cold Disk Quick Response (CDQR) tool is a fast and easy to use forensic artifact parsing tool that works on disk images, mounted driv…☆345Jun 25, 2022Updated 4 years ago
- ☆24Nov 3, 2019Updated 6 years ago