mnrkbys / ma2tl
macOS forensic timeline generator using the analysis result DBs of mac_apt
☆93 · Sep 7, 2023 · Updated 2 years ago
Alternatives and similar repositories for ma2tl
Users interested in ma2tl are comparing it to the repositories listed below.
- macOS Artifact Intelligence Tool · ☆13 · Apr 30, 2019 · Updated 6 years ago
- Just Another broken Registry Parser (JARP) · ☆16 · May 23, 2024 · Updated last year
- Forensic Artifact Collection Tool for macOS · ☆118 · Jul 28, 2025 · Updated 6 months ago
- Forensic cheatsheets for use with cheat · ☆15 · Dec 2, 2021 · Updated 4 years ago
- macOS (& iOS) Artifact Parsing Tool · ☆982 · Feb 6, 2026 · Updated last week
- Stand-alone parser for User Access Logging from Server 2012 and newer systems · ☆78 · Jan 9, 2024 · Updated 2 years ago
- Harvest Linux forensic data for operational triage of an event · ☆51 · Nov 30, 2025 · Updated 2 months ago
- Windows Event Log "Microsoft-Windows-Partition%4Diagnostic.evtx" parser and devices' VSNs extractor · ☆20 · Nov 28, 2023 · Updated 2 years ago
- /ˈhäjˌpäj/ "a confused mixture." · ☆13 · Updated this week
- Scripts for ready-to-use Velociraptor instance deployment in Azure · ☆14 · Jun 27, 2023 · Updated 2 years ago
- Search Index Database Reporter · ☆131 · Oct 28, 2025 · Updated 3 months ago
- This repository contains sample log data that were collected after running adversary simulations in Microsoft 365 · ☆23 · Oct 9, 2024 · Updated last year
- A Python script that gathers all valid IP addresses from all text files from a directory, and checks them against Whois database, TOR rel… · ☆29 · Jun 27, 2022 · Updated 3 years ago
- A cross platform parser for Apple UnifiedLogs! · ☆323 · Feb 1, 2026 · Updated last week
- A DFIR tool to collect artifacts on macOS · ☆56 · Mar 1, 2020 · Updated 5 years ago
- Linux Baseline and Forensic Triage Tool - BETA · ☆57 · Sep 8, 2022 · Updated 3 years ago
- Public script from SANS FOR509 Enterprise Cloud Incident Response · ☆219 · Oct 26, 2025 · Updated 3 months ago
- A Python script developed to process Windows memory images based on triage type · ☆264 · Nov 25, 2023 · Updated 2 years ago
- Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR · ☆252 · Oct 29, 2025 · Updated 3 months ago
- USN Journal full path builder · ☆65 · Sep 16, 2024 · Updated last year
- Carve file metadata from NTFS index ($I30) attributes · ☆70 · Feb 3, 2024 · Updated 2 years ago
- A curated list of KAPE-related resources · ☆179 · May 1, 2025 · Updated 9 months ago
- Windows 10 (v1803+) ActivitiesCache.db parsers (SQLite, PowerShell, .EXE) · ☆196 · Feb 16, 2023 · Updated 2 years ago
- Yara rules · ☆22 · Mar 27, 2023 · Updated 2 years ago
- Automagically extract forensic timeline from volatile memory dump · ☆132 · May 7, 2024 · Updated last year
- Blueteam operational triage registry hunting/forensic tool · ☆149 · Sep 2, 2025 · Updated 5 months ago
- Windows Forensics Salt States · ☆20 · Feb 7, 2026 · Updated last week
- A small tool to easily mount APFS image on macOS for forensics · ☆16 · Jul 30, 2020 · Updated 5 years ago
- Artifact collection tool for *nix systems · ☆212 · Mar 20, 2024 · Updated last year
- A sample VHDX file with multiple verbose examples of forensic and anti-forensics artifacts. Meant to be basic and can be expanded upon. P… · ☆27 · Jan 2, 2023 · Updated 3 years ago
- Rip Raw is a small tool to analyse the memory of compromised Linux systems · ☆134 · Jan 31, 2022 · Updated 4 years ago
- Aftermath is a free macOS IR framework · ☆569 · Sep 25, 2025 · Updated 4 months ago
- Volatility3 plugins developed and maintained by the community · ☆63 · Mar 19, 2023 · Updated 2 years ago
- Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data) · ☆68 · Sep 13, 2023 · Updated 2 years ago