cugu / afro
File recovery for APFS
☆161Updated 3 years ago
Alternatives and similar repositories for afro:
Users that are interested in afro are comparing it to the libraries listed below
- Read and extract data from macOS spotlight databases☆108Updated this week
- Parser for OSX/iOS FSEvents Logs☆247Updated 4 months ago
- Python script to parse the Most Recently Used (MRU) plist files on macOS into a more human friendly format.☆104Updated 7 years ago
- Scripts to parse various iOS sysdiagnose logs. Based upon the forensic research of Mattia Epifani, Heather Mahalik and Cheeky4n6monkey.☆189Updated 2 years ago
- Scripts to process macOS forensic artifacts☆192Updated 8 months ago
- Collection of forensics artifacts location for Mac OS X and iOS☆329Updated 3 years ago
- A parser for Unified logging tracev3 files☆85Updated last year
- A command line tool for pstree-like output on macOS with additional pid capturing capabilities☆253Updated 8 months ago
- macOS/iOS database location scraper to extract location data☆80Updated 2 years ago
- Presentation Archives for my macOS and iOS Related Research☆250Updated last month
- Python Module for parsing Binary Property List and NSKeyedArchiver files☆82Updated 9 years ago
- Parse the Mac Quickook index.sqlite database☆53Updated 8 years ago
- Dump the iOS Frequent Location binary plist files☆84Updated 6 years ago
- Python utilities related to plists☆54Updated last year
- APFS filesystem format for Kaitai Struct☆82Updated 3 years ago
- Apple Pattern of Life Lazy Output'er☆583Updated last year
- A module to expose the Endpoint Security library to Swift☆20Updated 5 years ago
- Collection of SQL query templates for digital forensics use by platform and application.☆103Updated 4 years ago
- [⛔️ Deprecated] Venator is a python tool used to gather data for proactive detection of malicious activity on macOS devices.☆177Updated 4 years ago
- Mapping XProtect's obfuscated malware family names to common industry names.☆86Updated last year
- This is a work-in-progress command line tool for reversing run-only AppleScripts. It will help parse the output of applescript-disassembl…☆67Updated 4 years ago
- checks if an application is pristine (untampered) and from the official Mac App Store☆74Updated 4 years ago
- An app to protect against process injection and suspicious file links on macOS☆220Updated 3 years ago
- process info/monitoring library for macOS☆420Updated 4 years ago
- Resources for HFS+ Forensics☆36Updated 9 years ago
- 010 template for apfs☆25Updated 4 years ago
- Notifies the user when macOS Security components like Gatekeeper and XProtect have been updated☆61Updated 4 years ago
- Forensic Artifact Collection Tool for macOS☆110Updated 7 months ago
- Library and tools to access the Apple File System (APFS)☆359Updated 9 months ago
- Python 3 Script to parse out iTunes backups☆179Updated last year