Python script to parse the Most Recently Used (MRU) plist files on macOS into a more human friendly format.
Automated Mac Forensic Triage Collector.
macOS/iOS database location scraper to extract location data
This tool is designed to take the 'chatConversationStore.plist' file from SnapChat on iPhone and parse out the conversations into a usable format. Simply drag and drop the 'chatConversationStore.plist' file into Spoopy and it will parse ... Read More...
macOS Artifact Parsing Tool https:// swiftforensics.com
Mushy is a simple PList (and Binary PList) viewer. Drag and Drop a PList/BPList into Mushy to parse the document. This software was created as a biproduct of ArtEx. I wanted to ArtEx to be able to get the device name/iOS version directly from the ... Read More...
In the Mac OS X and iPhone OS, property list files are files that store serialized objects. Property list files use the filename extension .plist. Mac OS X 10.2 introduced a new format where property list files are stored as binary files. Starting with ... Read More...
A tool for visualizing iOS's KnowledgeC database. Simply load in a GK Extraction file and select what you want to see. Graph out Battery Life, Plug status, Audio Out, Bluetooth Connections and more as well as Intents which are cross-referenced with Ca ... Read More...
Library and tools to access the Apple File System (APFS)
plistutils provides a number of convenience functions for dealing withApple Property List files.
Parser for Apples NSKeyedArchiver plist files.
afro can parse APFS images. It not only extracts the latest data but also older versions of the files.
Mac malware often spies on users by recording audio and video sessions...sometimes in an undetected manner.
mac_int is an interpretive, modular DFIR intelligence and artifact correlation tool designed to automatically identify patterns and connections between parsed artifact data from the SQLite output of Yogesh Khatri’s open source tool, mac_apt... Read More...
Script parses all the logs in the /private/var/installd/Library/Logs/MobileInstalation/ .log
Script will produce a currently installed apps report, a uninstalled apps report and historical reports for both types per app.
... Read More...
macOS Artifact Parsing Tool
Page 1 of 2
© 2020 Copyright | DFIR Training