Automatically exported from code.google.com/p/mac-osx-forensics

mac-osx-forensics

Mac OS X Forensics tools cloned from https://code.google.com/p/mac-osx-forensics on January 12th, 2016

By jjarava

Original project "Readme.md" (or home page info) follows:


Python scripts to check some Mac OS X files.

  • asl.py: Apple System Log parsers (/private/var/log/asl).
  • bsm.py: Basic Security Module (/private/var/audit/).
  • kcpass.py: Decrypts the password stored in "/etc/kcpassword" when autologin is enabled.
  • utmpx.py: UTMPX session file (/private/var/run/utmpx).
  • cups_ipp.py: CUPS IPP Control files parser.
  • plist_artifacts.py: Parses a group of plist files that contain timestamp values.
  • plist_user.py: Mac OS X 10.8 and 10.9 users configuration.
  • mac_recent.py: The last opened files, with the bookmark partially parsed.

Important

Please remember that most of them are going to be developed properly in the PLASO project (http://plaso.kiddaland.net/).
These scripts are only a proof of concept!

RHUL M.Sc. Information Security dissertation project. Author: Joaquin Moreno Garijo