mnrkbys / macosac
Forensic Artifact Collection Tool for macOS
☆110Updated 7 months ago
Alternatives and similar repositories for macosac:
Users that are interested in macosac are comparing it to the libraries listed below
- macOS forensic timeline generator using the analysis result DBs of mac_apt☆93Updated last year
- A parser for Unified logging tracev3 files☆84Updated last year
- Parser fo macOS/iOS FSEvents Logs☆33Updated 11 months ago
- WLEAPP is an open source project that aims to parse Windows OS artifacts for the purpose of triage analysis.☆30Updated last year
- Digital Forensics Artifacts Knowledge Base☆81Updated 11 months ago
- macOS .DS_Store Parser☆66Updated 3 years ago
- ☆239Updated 3 weeks ago
- Module(s) related to reading SEGB (fka "Biome") data from iOS, mascOS, etc.☆19Updated 10 months ago
- Vehicle Logs Events And Properties Parser☆84Updated 2 months ago
- Logbook for Digital Forensics and Incident Response☆50Updated 9 months ago
- Collection of SQL query templates for digital forensics use by platform and application.☆102Updated 4 years ago
- A ruleset to find potentially malicious code in macOS malware samples☆39Updated last year
- DC3 SQLite Dissect☆61Updated 5 months ago
- A script that updates KAPE (using Get-KAPEUpdate.ps1) as well as EZ Tools (within .\KAPE\Modules\bin) and the ancillary files that enhanc…☆55Updated 2 months ago
- A triage data collection script for macOS☆28Updated 4 years ago
- MacOS forensic acquisition made simple☆119Updated last week
- Returns Logs Events And Properties Parser☆104Updated 3 weeks ago
- Run Sigma detection rules on logs from the new MacOS EndpointSecurity Framework☆20Updated 4 years ago
- Documentation site for Velociraptor☆45Updated this week
- Script that checks for available updates for the most commonly used Digital Forensics tools☆59Updated 4 years ago
- USN Journal full path builder☆59Updated 7 months ago
- Chrome Logs Events and Protobuf Parser☆38Updated 2 years ago
- http://moaistory.blogspot.com/2016/08/ie10analyzer.html☆16Updated 9 months ago
- A minimal malware analysis sandbox for macOS☆28Updated 2 years ago
- Carves and recreates VSS catalog and store from Windows disk image.☆98Updated 2 years ago
- acquire is a tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container.☆101Updated this week
- A utility to process the iOS Cache.sqlite database and create a timelined KML map for use in Google Earth☆26Updated 4 months ago
- A repo that aims to centralize a current, running list of relevant parsers/tools for known DFIR artifacts☆60Updated 5 months ago
- Mapping XProtect's obfuscated malware family names to common industry names.☆84Updated 11 months ago
- Python script to walk a folder or a zip file for SQLite Databases☆38Updated last year