{"id":13549964,"url":"https://github.com/ydkhatri/MacForensics","last_synced_at":"2025-04-02T23:31:43.397Z","repository":{"id":37334673,"uuid":"78084619","full_name":"ydkhatri/MacForensics","owner":"ydkhatri","description":"Scripts to process macOS forensic artifacts","archived":false,"fork":false,"pushed_at":"2024-08-04T14:35:10.000Z","size":51566,"stargazers_count":179,"open_issues_count":1,"forks_count":21,"subscribers_count":12,"default_branch":"master","last_synced_at":"2024-11-03T19:37:33.445Z","etag":null,"topics":["forensics","mac","macos","osx"],"latest_commit_sha":null,"homepage":"https://www.swiftforensics.com","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ydkhatri.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-01-05T06:05:53.000Z","updated_at":"2024-10-12T18:13:35.000Z","dependencies_parsed_at":"2024-11-03T19:41:35.397Z","dependency_job_id":null,"html_url":"https://github.com/ydkhatri/MacForensics","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ydkhatri%2FMacForensics","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ydkhatri%2FMacForensics/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ydkhatri%2FMacForensics/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ydkhatri%2FMacForensics/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ydkhatri","download_url":"https://codeload.github.com/ydkhatri/MacForensics/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246911055,"owners_count":20853652,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["forensics","mac","macos","osx"],"created_at":"2024-08-01T12:01:27.528Z","updated_at":"2025-04-02T23:31:38.387Z","avatar_url":"https://github.com/ydkhatri.png","language":"Python","readme":"# MacForensics\n\nRepository of scripts for processing various artifacts from macOS (formerly OSX).\n\nArtifact | Script Name | Description\n-------- | ----------- | ------------\nDarwin folders | darwin_path_generator.py | DARWIN_USER_ folders name generation algorithm (those seemingly random folder names under /var/folders/)\nDeserialize NSKeyedArchive plists | Deserializer/deserializer.py\u003cbr\u003eDeserializer/deserializer.exe | Converts NSKeyedArchive plists to normal (human-readable) plists (Code + compiled exe for windows)  \nDomain (Active Directory) | Domain_Info/Read_ConfigProfiles.py | Reads user profile information for AD domain users from the ConfigProfiles.binary file\nDotUnderscore ._ files | DotUnderscore_macos.bt | An 010 template for parsing extended attribute files that begin with ._\nKtx to Png convertor | IOS_KTX_TO_PNG/ios_ktx2png.py\u003cbr\u003eIOS_KTX_TO_PNG/ios_ktx2png.exe | Convert ios created KTX texture images (like app snapshots) to PNG (Code + compiled exe for windows)  \nNotifications | macNotifications.py | Parse Mac Notifications db\nOffice reg file | Read_OfficeRegDB.py | Parse MS Office created sqlite db (microsoftRegistrationDB.reg)\n","funding_links":[],"categories":["Python","Forensics","Digital Forensics / Incident Response (DFIR)"],"sub_categories":["Steganography","[mac-apt](https://github.com/ydkhatri/mac_apt)"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fydkhatri%2FMacForensics","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fydkhatri%2FMacForensics","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fydkhatri%2FMacForensics/lists"}