osxcollector
A forensic evidence collection & analysis toolkit for OS X
[Here](https://github.com/Yelp/paasta/commit/9fa486069cf70b78f43f048ba889fd6870d16e49) is an example of how to do it from the PaaSTA GitHub repo.
`osxcollector.py` grew over time and right now is one big unmaintainable chunk of code. The initial motivation to keep it in one file to make it easy to run seems...
There is some pretty cool information in `/var/db/receipts`. Perhaps this would be useful in our malware investigations. Use `lsbom` and `plutil -convert xml1` to read the contents of the packages...
So far OSXCollector can list all extensions from Firefox and Chrome, but information about a particular extension is limited to the information available there (name, install date, update page,...
OSXCollector is already collecting ctime and mtime. What is missing is atime, which may also be very useful in analysis.
Having the `analyze` output filter is useful for summarizing the events from the triage collection; however, a timeline view would also be extremely beneficial. There are plenty of timestamps being...
Firefox extensions information retrieved from the _extensions.json_ file in the user's profile contains fields with timestamp data, e.g. _updateDate_ and _installDate_. They should be normalized like the other timestamps retrieved by...
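The receipt, atime and Firefox timestamp issues above all reduce to one normalization step: every source's timestamps have to end up in the same UTC format before they can be merged into a timeline. The following is an added example, not osxcollector's own code, of how a collector could do that for three of the sources discussed here. It assumes a receipt plist shaped like those under `/var/db/receipts` (Python's `plistlib` reads the binary form directly, so `plutil -convert xml1` is only needed to eyeball a receipt; the XML form is embedded here for readability, and the `.bom` listing that `lsbom` prints is not covered), that Firefox's _installDate_/_updateDate_ are integer milliseconds since the Unix epoch, and constructed sample values for the package identifier, add-on id, profile path and `stat()` numbers.

```python
"""Added example: normalize timestamps from several OS X artifacts into one sorted timeline.

All sample inputs below are constructed for this example; identifiers and paths are hypothetical.
"""
import json
import os
import plistlib
from datetime import datetime, timezone

# Constructed receipt, shaped like /var/db/receipts/<identifier>.plist after `plutil -convert xml1`.
RECEIPT_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>InstallDate</key>
    <date>2015-03-02T18:30:05Z</date>
    <key>InstallProcessName</key>
    <string>installer</string>
    <key>PackageIdentifier</key>
    <string>com.example.pkg.tool</string>
    <key>PackageVersion</key>
    <string>1.0.0</string>
</dict>
</plist>
"""

# Constructed excerpt of a Firefox profile's extensions.json (hypothetical add-on id).
# installDate/updateDate are milliseconds since the Unix epoch, as Firefox writes them.
FIREFOX_EXTENSIONS_JSON = json.dumps({
    "schemaVersion": 16,
    "addons": [{
        "id": "example-addon@example.com",
        "type": "extension",
        "defaultLocale": {"name": "Example Add-on"},
        "installDate": 1425321005000,   # 2015-03-02T18:30:05Z
        "updateDate": 1425407405000,    # 2015-03-03T18:30:05Z
    }],
})

# Constructed stat() result for a hypothetical file:
# (mode, ino, dev, nlink, uid, gid, size, atime, mtime, ctime) -> 2015-03-02 18:30:00/01/02 UTC.
SAMPLE_PATH = "/Users/example/Library/LaunchAgents/com.example.agent.plist"
SAMPLE_STAT = os.stat_result((0o100644, 0, 0, 1, 0, 0, 4096, 1425321000, 1425321001, 1425321002))


def to_utc_iso(dt):
    """Render a datetime as ISO 8601 UTC; naive datetimes (as plistlib returns them) are taken as UTC."""
    if dt.tzinfo is None:
        dt = dt.replace(tzinfo=timezone.utc)
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def epoch_to_iso(seconds):
    return to_utc_iso(datetime.fromtimestamp(seconds, tz=timezone.utc))


def epoch_ms_to_iso(millis):
    """Firefox's installDate/updateDate are integer milliseconds, not seconds."""
    return epoch_to_iso(millis / 1000.0)


def event(timestamp, source, artifact, summary):
    return {"timestamp": timestamp, "source": source, "artifact": artifact, "summary": summary}


def receipt_events(plist_bytes, path):
    """One event per receipt: when the package was installed, by which process, and which version."""
    receipt = plistlib.loads(plist_bytes)
    installed = receipt.get("InstallDate")
    if not isinstance(installed, datetime):
        return []  # malformed or hand-edited receipt: skip rather than guess a time
    summary = "installed %s %s via %s" % (
        receipt.get("PackageIdentifier"), receipt.get("PackageVersion"), receipt.get("InstallProcessName"))
    return [event(to_utc_iso(installed), "receipt", path, summary)]


def firefox_extension_events(json_text, path):
    """Normalize installDate/updateDate for every add-on; fields that are absent or non-integer are skipped."""
    events = []
    for addon in json.loads(json_text).get("addons", []):
        name = addon.get("defaultLocale", {}).get("name", addon.get("id"))
        for field in ("installDate", "updateDate"):
            if isinstance(addon.get(field), int):
                events.append(event(epoch_ms_to_iso(addon[field]), "firefox_extension", path,
                                    "%s %s (%s)" % (field, name, addon.get("id"))))
    return events


def file_stat_events(path, st):
    """atime/mtime/ctime as separate events; note st_ctime is inode change time, not creation time."""
    labels = (("st_atime", "last accessed"), ("st_mtime", "content modified"), ("st_ctime", "metadata changed"))
    return [event(epoch_to_iso(getattr(st, attr)), "file_stat", path, label) for attr, label in labels]


def build_timeline(events):
    """Sort by normalized timestamp; ties are broken by source and summary so output is stable."""
    return sorted(events, key=lambda e: (e["timestamp"], e["source"], e["summary"]))


def demo_timeline():
    events = receipt_events(RECEIPT_PLIST, "/var/db/receipts/com.example.pkg.tool.plist")
    events += firefox_extension_events(
        FIREFOX_EXTENSIONS_JSON, "~/Library/Application Support/Firefox/Profiles/abcd1234.default/extensions.json")
    events += file_stat_events(SAMPLE_PATH, SAMPLE_STAT)
    return build_timeline(events)


if __name__ == "__main__":
    for e in demo_timeline():
        print("%s  %-17s %s" % (e["timestamp"], e["source"], e["summary"]))
```

Running the block prints six rows in time order, with the three `stat()` times first, then the receipt's InstallDate and the add-on's installDate sharing the same second, and the add-on's updateDate a day later. Converting everything to a fixed-width UTC string before sorting is what makes a plain string sort correct across sources; a collector that kept Firefox's millisecond integers next to plist datetimes would interleave them wrongly.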
Wily pentesters love setting up malicious PAM modules, so collecting those could be a great addition.