WithSecureLabs/macOSTriageCollectionScript external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

WithSecureLabs/macOSTriageCollectionScript

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/WithSecureLabs/macOSTriageCollectionScript)

Close

WithSecureLabs / macOSTriageCollectionScriptView on GitHubMore

• External links
• Readme badge

A triage data collection script for macOS

☆29Nov 27, 2020Updated 5 years ago

Alternatives and similar repositories for macOSTriageCollectionScript

Users that are interested in macOSTriageCollectionScript are comparing it to the libraries listed below

• bradleyjkemp / sigma-esf

  View on GitHub
  Run Sigma detection rules on logs from the new MacOS EndpointSecurity Framework
  ☆22Jan 22, 2021Updated 5 years ago
• dwmetz / detonaRE

  View on GitHub
  Capture. Detonate. Collect
  ☆14Sep 20, 2024Updated last year
• zerber0s / mac_int

  View on GitHub
  macOS Artifact Intelligence Tool
  ☆13Apr 30, 2019Updated 6 years ago
• bolodev / osxripper

  View on GitHub
  Tool to rip system and user data from OSX and macOS
  ☆16Dec 6, 2022Updated 3 years ago
• Hestat / calamity

  View on GitHub
  A script to assist in processing forensic RAM captures for malware triage
  ☆26Feb 4, 2021Updated 5 years ago
• MatthewClarkMay / fTriage

  View on GitHub
  Automating forensic data extraction, reduction, and overall triage of cold disk and memory images.
  ☆21Mar 12, 2019Updated 7 years ago
• Stahlz / CertWatcher

  View on GitHub
  CertWatcher is a new take on monitoring for phishing sites. It is meant to be a set and forget service that will send you a daily report …
  ☆10Oct 12, 2020Updated 5 years ago
• dwmetz / Mal-Hash

  View on GitHub
  This script will generate hashes (MD5, SHA1, SHA256), submit the MD5 to Virus Total, and produce a text file with the results.
  ☆15Jul 13, 2023Updated 2 years ago
• nrvana / macOS-triage

  View on GitHub
  macOS triage is a python script to collect various macOS logs, artifacts, and other data.
  ☆25Mar 25, 2021Updated 4 years ago
• Recruit-CSIRT / macApfsMounter

  View on GitHub
  A small tool to easily mount APFS image on macOS for forensics.
  ☆16Jul 30, 2020Updated 5 years ago
• woanware / etw-event-dumper

  View on GitHub
  ☆33Feb 26, 2022Updated 4 years ago
• nccgroup / grepify

  View on GitHub
  Grepify the GUI Regex Text Scanner for Code Reviewers
  ☆23Apr 15, 2013Updated 12 years ago
• OMENScan / AChoirX

  View on GitHub
  ReWrite of AChoir in Go for Cross Platform forensic artifact collection and processing
  ☆41Feb 28, 2026Updated 2 weeks ago
• NextronSystems / evtx-baseline

  View on GitHub
  A repository hosting example goodware evtx logs containing sample software installation and basic user interaction
  ☆87Mar 11, 2026Updated last week
• CiscoCXSecurity / sudo-parser

  View on GitHub
  sudo-parser is a tool to audit complex sudoers files
  ☆18Nov 2, 2022Updated 3 years ago
• argetlam59 / office365

  View on GitHub
  Repo for containing and managing office 365 scripts for my customers, techs and others. If you have any questions please feel free to hit…
  ☆11Mar 27, 2022Updated 3 years ago
• repnz / autoit-analysis

  View on GitHub
  AutoIt Analysis Library: Parser & Emulator For Malware Researchers
  ☆21Apr 27, 2019Updated 6 years ago
• amir9339 / volatility-docker

  View on GitHub
  A suite of Volatility 3 plugins for memory forensics of Docker containers
  ☆18Jan 10, 2024Updated 2 years ago
• AndrewRathbun / Awesome-KAPE

  View on GitHub
  A curated list of KAPE-related resources
  ☆184May 1, 2025Updated 10 months ago
• NextronSystems / thor-manual

  View on GitHub
  THOR APT Scanner User Manual
  ☆20Mar 9, 2026Updated last week
• mnrkbys / bgiparser

  View on GitHub
  A parsing tool for backgrounditems.btm
  ☆53Aug 23, 2024Updated last year
• Hestat / soc-threat-hunting

  View on GitHub
  Repo of python/bash scripts for identifying IoC's in threat feed and other online tools
  ☆26Jul 27, 2020Updated 5 years ago
• brimorlabs / rdpieces

  View on GitHub
  The home of the BriMor Labs rdpieces Perl script that tries to rebuild parsed RDP Bitmap Cache images
  ☆89Aug 29, 2023Updated 2 years ago
• ydkhatri / UnifiedLogReader

  View on GitHub
  A parser for Unified logging tracev3 files
  ☆97Jul 25, 2025Updated 7 months ago
• Code4iOSTeam / Configuration-Profiles

  View on GitHub
  Configure Internal iOS Settings, like SpringBoard, Carrier Settings, Mobile Asset Settings.
  ☆10Mar 6, 2019Updated 7 years ago
• ozpingux / BasicLinuxForensicScript

  View on GitHub
  Bash Script to extract GNU/Linux forensic artifacts for digital forensic analysis and incident response.
  ☆43Jul 5, 2023Updated 2 years ago
• StrangerealIntel / DeltaFlare

  View on GitHub
  ☆12Jun 29, 2021Updated 4 years ago
• quantumcore / thawne

  View on GitHub
  Thawne is a Sentinel for your Program. A trojan that Reinfects systems. It installs itself on the system it's Executed on. After which Th…
  ☆10Oct 13, 2020Updated 5 years ago
• SentineLabs / macos-ttps-yara

  View on GitHub
  A ruleset to find potentially malicious code in macOS malware samples
  ☆41Aug 29, 2023Updated 2 years ago
• WithSecureLabs / FLAIR

  View on GitHub
  F-Secure Lightweight Acqusition for Incident Response (FLAIR)
  ☆16Jul 5, 2021Updated 4 years ago
• forensicxlab / volatility3_plugins

  View on GitHub
  ☆25Jul 23, 2024Updated last year
• WiredPulse / Invoke-SRUMDump

  View on GitHub
  A pure PowerShell/ .NET DFIR capability that dumps the Windows SRUM (System Resource Usage Monitor) database to CSVs for analysis.
  ☆14Oct 21, 2021Updated 4 years ago
• AtomicGaryBusey / AzureForensics

  View on GitHub
  ☆33Oct 25, 2021Updated 4 years ago
• nccgroup / JA3_outlier

  View on GitHub
  Incremental Machine Leaning by example - Detecting suspicious activity in real time with Zeek data streams, River and JA3 hashes
  ☆16Aug 10, 2022Updated 3 years ago
• dwmetz / CyberPipe

  View on GitHub
  An easy to use PowerShell script to collect memory and disk forensics for DFIR investigations.
  ☆340Dec 3, 2025Updated 3 months ago
• Silv3rHorn / evtx2json

  View on GitHub
  evtx2json extracts events of interest from event logs, dedups them, and exports them to json.
  ☆41May 3, 2021Updated 4 years ago
• rndmIdi0cy / Menagerie

  View on GitHub
  Crowdstrike response script containing various functions for IR/triage
  ☆12Dec 7, 2020Updated 5 years ago
• MistyFromReboot / Mini-WinFE

  View on GitHub
  Windows Forensic Environment (WinFE) - based on WinPE
  ☆39Mar 16, 2023Updated 3 years ago
• theAtropos4n6 / Partition-4DiagnosticParser

  View on GitHub
  Windows Event Log "Microsoft-Windows-Partition%4Diagnostic.evtx" parser and devices' VSNs extractor.
  ☆20Nov 28, 2023Updated 2 years ago