
OSXCollector

Free

OSXCollector is a forensic evidence collection & analysis toolkit for OSX. The collection script runs on a potentially infected machine and outputs a JSON file that describes the target machine. OSXCollector gathers information from plists, SQLite databases, and the local file system.

Armed with the forensic collection, an analyst can answer questions like: Is this machine infected? How'd that malware get there? How can I prevent and detect further infection?

Yelp automates the analysis of most OSXCollector runs, converting its output into an easily readable and actionable summary of just the suspicious stuff. Check out the OSXCollector Output Filters project to learn how to make the most of the automated OSXCollector output analysis.

osxcollector.py is a single Python file that runs without any dependencies on a standard OSX machine, making it really easy to run collection on any machine - no fussing with brew, pip, config files, or environment variables. Just copy the single file onto the machine and run it: sudo osxcollector.py is all it takes.

$ sudo osxcollector.py
Wrote 35394 lines. Output in osx

ALTERNATIVES

Python forensic tool for extracting and analyzing information from Firefox, Iceweasel, and Seamonkey browsers.

Stegextract is a Bash script that extracts hidden files and strings from images, supporting PNG, JPG, and GIF formats.

An open source format for storing digital evidence and data, with a C/C++ library for creating, reading, and manipulating AFF4 images.

ShadowCopy Analyzer is a tool for cybersecurity researchers to analyze and utilize the ShadowCopy technology for file recovery and system restoration.

A tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container, aiding in digital forensic triage.

Highlighter is a FireEye Market app that integrates with FireEye products to provide enhanced cybersecurity capabilities.

Tool for parsing NTFS journal files, $Logfile, and $MFT.

Python tool for remotely or locally dumping RAM of a Linux client for digital forensics analysis.