a1l4m / Mac-Triage
A powerful macOS triage collection tool designed for forensic analysis. It gathers critical system artifacts such as FSEvents, Spotlight, Unified Logs, user data and many more, while preserving the original macOS file system structure. Ideal for incident response, digital forensics, and security investigations.
☆12, updated last month
Alternatives and similar repositories for Mac-Triage:
Users that are interested in Mac-Triage are comparing it to the libraries listed below
- Scripts for ready-to-use Velociraptor instance deployment in Azure (☆13, updated last year)
- Quick ESXi Log Parser (☆17, updated 2 months ago)
- Contains compiled binaries of Volatility (☆33, updated 2 months ago)
- A repo for fetching AppLocker event logs by parsing the Windows event log (☆30, updated 2 years ago)
- A proof-of-concept re-assembler for reverse VNC traffic (☆25, updated last year)
- Vagrant files to create a VirtualBox VM for malware analysis (☆13, updated 3 years ago)
- Extract payload URLs from Follina (CVE-2022-30190) docx and rtf files (☆31, updated 2 years ago)
- Thor Artifacts for Velociraptor (☆15, updated 9 months ago)
- Hundred Days of Yara Challenge (☆12, updated 2 years ago)
- EventLogSilencer is a PowerShell script designed to disable Windows Event Logging (☆16, updated last year)
- Scans a list of raccoon servers from Tria.ge and extracts the config (☆15, updated last year)
- Automatically spider the result set of a Censys/Shodan search and download all files where the file name or folder path matches a regex (☆27, updated last year)
- Parser for Windows PowerShell script block logs (☆13, updated 3 months ago)
- orc2timeline extracts and analyzes artifacts contained in archives generated with DFIR-ORC.exe to create a timeline from them (☆32, updated 4 months ago)
- Linux #rootkit and #malware revealer (☆24, updated 8 months ago)
- Yara Rules for Modern Malware (☆75, updated last year)
- Triaging Windows event logs based on SANS Poster (☆39, updated 2 years ago)
- A YARA & Malware Analysis Toolkit written in Rust (☆19, updated last week)
- Placeholder for my detection repo and misc detection engineering content (☆43, updated last year)
- MITRE TTPs derived from Conti's leaked playbooks from XSS.IS (☆37, updated 3 years ago)
- Hunt for SQLite files used by various applications (☆23, updated last week)
- LILO based Pulse Secure appliance disk image decryptor (☆12, updated last year)
- These FLARE-VM configuration files are designed to help set up a purpose-built installation, remove unnecessary packages to help stream… (☆14, updated 11 months ago)
- Scan files for potential threats while leveraging AMSI (Antimalware Scan Interface) and Windows Defender by isolating malicious content (☆14, updated 3 months ago)