Support for Mac artefact filetypes

Open owentl opened this issue 1 year ago • 2 comments

I appreciate that chainsaw was written to support evtx files, but is there any way to also support Mac logs too? Or has anyone ever run across a tool like chainsaw for Mac?

Aug 08 '24 13:08 owentl

Thre is nothing preventing Chainsaw from supporting Mac logs it is just that no one has added the file parsers to Chainsaw to handle them. Currently Chainsaw supports:

esedb
hve
evtx
json
mft
xml

To handle Mac artefacts it would probably need parsers for plist, bplist, sqlite, unifiedlogs. Depending on what Mac artefacts are to be consumed.

Aug 08 '24 21:08 alexkornitzer

^ Ignore the above commit, I linked the wrong issue.

Aug 19 '24 18:08 alexkornitzer