WithSecureLabs / macOSTriageCollectionScriptLinks
A triage data collection script for macOS
☆28Updated 4 years ago
Alternatives and similar repositories for macOSTriageCollectionScript
Users that are interested in macOSTriageCollectionScript are comparing it to the libraries listed below
Sorting:
- ARDvark parses the Apple Remote Desktop (ARD) files to pull out application usage, user activity, and filesystem listings.☆35Updated 2 years ago
- Run Sigma detection rules on logs from the new MacOS EndpointSecurity Framework☆20Updated 4 years ago
- Swift Command line tool used for proactive detection of malicious activity on macOS systems.☆68Updated 5 years ago
- A minimal malware analysis sandbox for macOS☆32Updated 2 years ago
- Scripts and tools created for appx analysis talk (Magnet summit 2019)☆18Updated last year
- Parser fo macOS/iOS FSEvents Logs☆38Updated last year
- macOS Artifact Intelligence Tool☆13Updated 6 years ago
- Indicators of Normality☆11Updated 3 years ago
- Forensic Artifact Collection Tool for macOS☆117Updated 2 months ago
- macOS forensic timeline generator using the analysis result DBs of mac_apt☆95Updated 2 years ago
- An npm package for extracting common IoC (Indicator of Compromise) from a block of text☆58Updated 2 weeks ago
- An experimental Velociraptor implementation using cloud infrastructure☆26Updated last week
- PowerShell scripts to aid investigators when utilizing O365 and Magnet Axiom.☆12Updated last year
- Tool to rip system and user data from OSX and macOS☆17Updated 2 years ago
- A script to assist in processing forensic RAM captures for malware triage☆27Updated 4 years ago
- Crowdstrike Falcon Host script for iterating through instances to get alert and other relevant data☆13Updated 6 years ago
- F-Secure Lightweight Acqusition for Incident Response (FLAIR)☆17Updated 4 years ago
- ☆34Updated 2 years ago
- Repo with supporting material for the talk titled "Cracking the Beacon: Automating the extraction of implant configurations"☆11Updated 8 months ago
- Powershell Scripts to work on Crowdstrike Falcon that pull back raw data relevant to forensic investigation☆23Updated 10 months ago
- NTFS file system specimens☆13Updated 2 years ago
- Synopsis is a tool to aid analysts reviewing browser history files by providing a high-level “synopsis” of key information.☆21Updated 6 years ago
- ☆21Updated 7 months ago
- A sample VHDX file with multiple verbose examples of forensic and anti-forensics artifacts. Meant to be basic and can be expanded upon. P…☆28Updated 2 years ago
- Git for me to put all my forensics stuff☆23Updated last month
- PowerShell Memory Pulling script☆19Updated 10 years ago
- Parser for Sdba memory pool tags☆20Updated 4 years ago
- The "DFUR" Splunk application and data that was presented at the 2020 SANS DFIR Summit.☆12Updated 5 years ago
- Windows 10 Live Information viewer☆37Updated 3 years ago
- Accelerating the collection, processing, analysis and outputting of digital forensic artefacts.☆32Updated 2 weeks ago