mac_apt

Free

mac_apt is a DFIR (Digital Forensics and Incident Response) tool that processes Mac full disk images or live machines and extracts data and metadata crucial for forensic investigations. It is a Python-based framework with plugins for processing artifacts such as Safari internet history, network interfaces, and recently accessed files. mac_apt now also includes ios_apt for handling iOS images. It is cross-platform, supports multiple image formats, writes output in XLSX, CSV, TSV, and SQLite, and can handle compressed files. The tool also features native HFS and APFS parsing, reads the Spotlight database and Unified Logging files, and supports macOS Big Sur sealed volumes.

ALTERNATIVES

A framework for orchestrating forensic collection, processing, and data export.

Scripts to automate the process of enumerating a Linux system through a Local File Inclusion (LFI) vulnerability.

A tool that uses Plaso to parse forensic artifacts and disk images, creating custom reports for easier analysis.

Tool for live forensics acquisition on Windows systems, collecting artefacts for early compromise detection.

Magnet ACQUIRE offers robust data extraction capabilities for digital forensics investigations, supporting a wide range of devices.

OSXCollector is a forensic evidence collection & analysis toolkit for OSX.

A Mac OS X computer forensics tool for analyzing system artifacts, user files, and logs with reputation verification and log aggregation capabilities.

iOS Mobile Backup Xtractor tool for extracting iOS backups.
