Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/ydkhatri/MacForensics

Scripts to process macOS forensic artifacts
https://github.com/ydkhatri/MacForensics

forensics mac macos osx

Last synced: 5 days ago
JSON representation

Scripts to process macOS forensic artifacts

Awesome Lists containing this project

README 

        
# MacForensics



Repository of scripts for processing various artifacts from macOS (formerly OSX).



Artifact | Script Name | Description

-------- | ----------- | ------------

Darwin folders | darwin_path_generator.py | DARWIN_USER_ folders name generation algorithm (those seemingly random folder names under /var/folders/)

Deserialize NSKeyedArchive plists | Deserializer/deserializer.py
Deserializer/deserializer.exe | Converts NSKeyedArchive plists to normal (human-readable) plists (Code + compiled exe for windows)  

Domain (Active Directory) | Domain_Info/Read_ConfigProfiles.py | Reads user profile information for AD domain users from the ConfigProfiles.binary file

DotUnderscore ._ files | DotUnderscore_macos.bt | An 010 template for parsing extended attribute files that begin with ._

Ktx to Png convertor | IOS_KTX_TO_PNG/ios_ktx2png.py
IOS_KTX_TO_PNG/ios_ktx2png.exe | Convert ios created KTX texture images (like app snapshots) to PNG (Code + compiled exe for windows)  

Notifications | macNotifications.py | Parse Mac Notifications db

Office reg file | Read_OfficeRegDB.py | Parse MS Office created sqlite db (microsoftRegistrationDB.reg)