Forensic Utilities - Mac

afro can parse APFS images. It not only extracts the latest data but also older versions of the files.

Apple File System (APFS) is a new file system for macOS, iO ...

APOLLO

Apple Pattern of Life Lazy Output'er

ArtEx - Artifact Examiner

A tool for visualizing iOS's KnowledgeC database. Simply load in a GK Extraction file and select what you want to see. Graph out Battery Life, Plug status, Audio Out, Bluetooth Connections and more as well as Intents which are cross-referenced with Ca ...

AutoMacTC

Automated Mac Forensic Triage Collector.

bgiparser

A parsing tool for backgrounditems.btm

The entries of "Login Items" are stored in "~/Library/Application Support/com.apple.backgroundtaskmanagementagent/backgrounditems ...

Bitraser File Eraser Mac

Bitraser file eraser software erases data from different types of storage devices. It features 17 international eraser algorithms to wipe files from hard drives. This file eraser supports Mac OS X 10.9 and the latest versions.

Dump the iOS Frequent Location binary plist fi ...

Script parses all the logs in the /private/var/installd/Library/Logs/MobileInstalation/ .log

The script will produce a currently installed apps report, an uninstalled apps report and historical
reports for both types per app.

...

Python 3 Script to parse out iTunes backups

libfsapfs

Library and tools to access the Apple File System (APFS)

Types of Acquisitions Supported
iOS Devices
Logical

Using the logical acquisition flag on MEAT will instruct the tool to extract files and folders accessible through AFC on jailed devices. The specific folder that allows access is: ...

Mac Locations Scraper

macOS/iOS database location scraper to extract location data

macApfsMounter

A small tool to easily mount an APFS image on macOS for forensics.

macMRU-Parser

Python script to parse the Most Recently Used (MRU) plist files on macOS into a more human-friendly format.

mac_int is an interpretive, modular DFIR intelligence and artifact correlation tool designed to automatically identify patterns and connections between parsed artifact data from the SQLite output of Yogesh Khatri’s open source tool, mac_apt...

macOS Artifact Parsing Tool https://swiftforensics.com

macosac

This is a DFIR tool for collecting artifact files on macOS. The "Extended Attributes" of artifact files are collected too. Furthermore, this tool can collect artifacts in Time Machine backups as well as ones on the current disk. This tool does not prov ...

mac_apt

macOS Artifact Parsing Tool

Mushy

Mushy is a simple PList (and Binary PList) viewer.
Drag and drop a PList/BPList into Mushy to parse the document. This software was created as a byproduct of ArtEx. I wanted ArtEx to be able to get the device name/iOS version directly from the ...

norimaci

Norimaci is a simple and lightweight malware analysis sandbox for macOS

"Norimaci" is a simple and lightweight malware analysis sandbox for macOS. This tool was inspired by " ...

Parser for Apple's NSKeyedArchiver plist files.

OverSight

Mac malware often spies on users by recording audio and video sessions...sometimes in an undetected manner.

OverSight monitors a Mac's mic and webcam, alerting the user when the internal mic is activated, or whenever a process accesses the we ...

In the Mac OS X and iPhone OS, property list files are files that store serialized objects. Property list files use the filename extension .plist. Mac OS X 10.2 introduced a new format where property list files are stored as binary files. Starting with ...

plistutils

plistutils provides a number of convenience functions for dealing with Apple Property List files.

Snoopy

This tool is designed to take the 'chatConversationStore.plist' file from SnapChat on iPhone and parse out the conversations into a usable format.
   
Simply drag and drop the 'chatConversationStore.plist' file into Spoopy and it will parse ...

Venator

Venator is a Python tool used to gather data for proactive detection of malicious activity on macOS devices.