Forensic Artifact Collection Tool for macOS
☆118Jul 28, 2025Updated 7 months ago
Alternatives and similar repositories for macosac
Users that are interested in macosac are comparing it to the libraries listed below
Sorting:
- Yet another fseventsd parser for macOS forensics☆12Jul 20, 2024Updated last year
- macOS forensic timeline generator using the analysis result DBs of mac_apt☆93Sep 7, 2023Updated 2 years ago
- macOS Artifact Intelligence Tool☆13Apr 30, 2019Updated 6 years ago
- Scripts to process macOS forensic artifacts☆205Aug 4, 2024Updated last year
- Just Another broken Registry Parser (JARP)☆16May 23, 2024Updated last year
- macOS (& ios) Artifact Parsing Tool☆1,003Feb 26, 2026Updated last week
- ☆11Aug 3, 2018Updated 7 years ago
- NTFS Security Descriptor Stream ($Secure:$SDS) parser☆14Jan 9, 2023Updated 3 years ago
- Script that checks for available updates for the most commonly used Digital Forensics tools☆60Dec 10, 2020Updated 5 years ago
- Tools for macOS Forensic Bootable media☆15May 20, 2020Updated 5 years ago
- An easy to use PowerShell script to collect memory and disk forensics for DFIR investigations.☆341Dec 3, 2025Updated 3 months ago
- A library to parse macOS FsEvents☆24Aug 28, 2022Updated 3 years ago
- ReWrite of AChoir in Go for Cross Platform forensic artifact collection and processing☆41Updated this week
- A parser for Unified logging tracev3 files☆97Jul 25, 2025Updated 7 months ago
- A small tool to easily mount APFS image on macOS for forensics.☆16Jul 30, 2020Updated 5 years ago
- A DFIR tool to collect artifacts on macOS☆56Mar 1, 2020Updated 6 years ago
- Windows 10 Live Information viewer☆38Jan 27, 2022Updated 4 years ago
- A cross platform parser for Apple UnifiedLogs!☆331Feb 15, 2026Updated 2 weeks ago
- Repo with supporting material for the talk titled "Cracking the Beacon: Automating the extraction of implant configurations"☆11Feb 6, 2025Updated last year
- Windows 10 (v1803+) ActivitiesCache.db parsers (SQLite, PowerShell, .EXE)☆196Feb 16, 2023Updated 3 years ago
- Norimaci is a simple and lightweight malware analysis sandbox for macOS☆71Mar 3, 2020Updated 6 years ago
- 🧭 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system☆306May 7, 2025Updated 9 months ago
- Repository for different Windows DFIR related CMDs, PowerShell CMDlets, etc, plus workshops that I did for different conferences or event…☆77Jul 13, 2021Updated 4 years ago
- $MFT directory tree reconstruction & FILE record info☆326Oct 7, 2024Updated last year
- Rolling Timeline for Incident Recorder.☆14Dec 4, 2023Updated 2 years ago
- An NTFS/FAT parser for digital forensics & incident response☆220Oct 31, 2025Updated 4 months ago
- Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)☆68Sep 13, 2023Updated 2 years ago
- This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices☆158May 21, 2020Updated 5 years ago
- Evtx Log (xml) Browser☆56Mar 12, 2023Updated 2 years ago
- The home of the BriMor Labs rdpieces Perl script that tries to rebuild parsed RDP Bitmap Cache images☆89Aug 29, 2023Updated 2 years ago
- Apple Pattern of Life Lazy Output'er☆637Feb 25, 2024Updated 2 years ago
- A script to mine SQLite databases for hidden gems that might be overlooked☆58Sep 19, 2020Updated 5 years ago
- Rip Raw is a small tool to analyse the memory of compromised Linux systems.☆134Jan 31, 2022Updated 4 years ago
- Tool to rip system and user data from OSX and macOS☆16Dec 6, 2022Updated 3 years ago
- JPCERT/CC public YARA rules repository☆109Nov 14, 2025Updated 3 months ago
- WLEAPP is an open source project that aims to parse Windows OS artifacts for the purpose of triage analysis.☆32Nov 16, 2023Updated 2 years ago
- ☆24Mar 12, 2025Updated 11 months ago
- Returns Logs Events And Properties Parser☆124Dec 24, 2025Updated 2 months ago
- Browse Windows Prefetch versions: 17,23,26,30v1/2,31 & some of SuperFetch .7db/.db's☆64Dec 18, 2024Updated last year