mac_apt

Free

mac_apt is a DFIR (Digital Forensics and Incident Response) tool that processes full disk images of Mac computers or live machines, extracting data and metadata crucial for forensic investigations. It is a Python-based framework with plugins for processing various artifacts such as Safari internet history, network interfaces, and recently accessed files. mac_apt now also includes ios_apt for handling iOS images. It is cross-platform, supports multiple image formats, writes output in XLSX, CSV, TSV, and SQLite, and can handle compressed files. The tool also features native HFS and APFS parsing, reads Spotlight databases and Unified Logging files, and supports macOS Big Sur sealed volumes.

ALTERNATIVES

Forensic imaging program with full hash authentication and various acquisition options.

libevt is a library to access and parse Windows Event Log (EVT) files.

Toolkit for performing acquisitions on iOS devices with logical and filesystem acquisition support.

ID-spoofing NFS client

Custom-built application for asynchronous forensic data presentation on an Elasticsearch backend, with upcoming features like Docker-based installation and a new UI rewrite in React.

A digital investigation platform for parsing, searching, and visualizing evidence with advanced analytics capabilities.

A library to access and parse Windows XML Event Log (EVTX) format, useful for digital forensics and incident response.

Autopsy is a GUI-based digital forensics platform for analyzing hard drives and smart phones, with a plug-in architecture for custom modules.
