a1l4m / Mac-Triage
A powerful macOS triage collection tool designed for forensic analysis. It gathers critical system artifacts such as FSEvents, Spotlight, Unified Logs, user data and many more, while preserving the original macOS file system structure. Ideal for incident response, digital forensics, and security investigations.
☆31 · Updated 3 months ago
Alternatives and similar repositories for Mac-Triage
Users that are interested in Mac-Triage are comparing it to the libraries listed below
- Contains compiled binaries of Volatility ☆37 · Updated 8 months ago
- Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data) ☆68 · Updated 2 years ago
- Quick ESXi Log Parser ☆28 · Updated 3 months ago
- (no description) ☆28 · Updated 3 months ago
- (no description) ☆22 · Updated 3 years ago
- A tool for fetching DFIR and other GitHub tools. ☆25 · Updated 5 months ago
- Tools and scripts to deploy and manage OpenRelik instances ☆16 · Updated 7 months ago
- PowerShell scripts for running Magnet RESPONSE forensic collection tool in large enterprises. ☆29 · Updated last year
- macOS Artifacts ☆33 · Updated 10 months ago
- Scripts for ready-to-use Velociraptor instance deployment in Azure ☆14 · Updated 2 years ago
- A Windows Event Log MCP ☆39 · Updated 5 months ago
- ESXi Cyber Security Incident Response Script ☆25 · Updated last year
- Helping Incident Responders hunt for potential persistence mechanisms on UNIX-based systems. ☆17 · Updated 2 years ago
- macos-collector - Automated Collection of macOS Forensic Artifacts for DFIR ☆25 · Updated this week
- Linux Baseline and Forensic Triage Tool - BETA ☆57 · Updated 3 years ago
- orc2timeline extracts and analyzes artifacts contained in archives generated with DFIR-ORC.exe to create a timeline from them ☆34 · Updated 7 months ago
- Thor Artifacts for Velociraptor ☆19 · Updated last month
- Python script to walk a folder or a zip file for SQLite Databases ☆37 · Updated 2 years ago
- Parses USB connection artifacts from offline Registry hives ☆106 · Updated 7 months ago
- Detection rule validation ☆40 · Updated 2 years ago
- A simple script to read the contents of a zip/tar/folder and extract metadata ☆21 · Updated 3 months ago
- SubCrawl is a modular framework for discovering open directories, identifying unique content through signatures and organizing the data w… ☆54 · Updated last year
- (no description) ☆24 · Updated 10 months ago
- Memory Baseliner is a script that can compare two Windows memory images or perform frequency of occurrence / data stacking analysis on mu… ☆55 · Updated 2 years ago
- This tool parses Windows EVTX logs to extract login and logout sessions from a security.evtx file. It uses a Tkinter GUI to let you selec… ☆31 · Updated 11 months ago
- A YARA & Malware Analysis Toolkit written in Rust. ☆91 · Updated 3 months ago
- Sigma detection rules for hunting with the threathunting-keywords project ☆58 · Updated 10 months ago
- The Eventlog Compendium is the go-to resource for understanding Windows Event Logs. ☆51 · Updated 9 months ago
- Initial triage of Windows Event logs ☆105 · Updated last year
- A preconfigured Windows-based system designed for rapid forensic investigations in both Azure and AWS. ☆40 · Updated last year