Date: 2024-01-01
18 tools and resources
A free, open-source tool that uncovers persistently installed software on macOS, helping to generically reveal malware.
mac_apt is a versatile DFIR tool for processing Mac and iOS images, offering extensive artifact extraction capabilities and cross-platform support.
Modular Threat Hunting Tool & Framework
Stronghold is the easiest way to securely configure your Mac.
Open Backup Extractor is an open source program for extracting data from iPhone and iPad backups.
A macOS Initial Access Payload Generator for penetration testing and red teaming exercises.
Open-source tool for monitoring macOS hosts with detailed system activity insights.
Santa is a binary and file access authorization system for macOS.
Python script to parse macOS MRU plist files into human-friendly format
A vulnerability management tool for macOS that monitors and detects vulnerabilities in over 100 apps.
An endpoint monitoring tool for Linux and macOS that reports file, socket, and process events to Zeek.
Dump the contents of the location database files on iOS and macOS with output options like KML and CSV.
CyLR is a Live Response Collection tool for quickly and securely collecting forensic artifacts from hosts with NTFS file systems.
Automated Mac Forensic Triage Collector
Semi-tethered jailbreak for iPhone 5s to iPhone X, running iOS 12.0 and up, using the 'checkm8' bootrom exploit.
A DICOM server with a twist, blocking C-STORE attempts for protection but logging them.
A collection of Mac OS X and iOS forensics resources with a focus on artifact collection and collaboration.
APFS is a proprietary file system developed by Apple for macOS, offering improved performance, security, and reliability.