May 31, 2023: mac_apt-1.5.0.dev-3.{fc35,fc36,el7,el8,amzn2}.x86_64.rpm and mac_apt-1.5.0.dev-3.el9.{x86_64,aarch64}.rpm -
Mac_apt is a DFIR (Digital Forensics and Incident Response) tool to process Mac computer full disk images (or live machines)
and extract data/metadata useful for forensic investigation.
It is a Python-based framework with plugins that process individual artifacts (such as Safari internet history, network interfaces, recently accessed files & volumes, etc.).
This package is based on the 2023-03-12 version of the code.
January 5, 2022: mac_apt-1.4.3.dev-3.{fc33,fc34,fc35,el7,el8}.x86_64.rpm -
Mac_apt is a DFIR (Digital Forensics and Incident Response) tool to process Mac computer full disk images (or live machines)
and extract data/metadata useful for forensic investigation.
It is a Python-based framework with plugins that process individual artifacts (such as Safari internet history, network interfaces, recently accessed files & volumes, etc.).
This package is based on the 2022-01-04 version of the code.
December 1, 2021: mac_apt-1.4.3.dev-2.{fc32,fc33,fc34,fc35,el7,el8}.x86_64.rpm -
Mac_apt is a DFIR (Digital Forensics and Incident Response) tool to process Mac computer full disk images (or live machines)
and extract data/metadata useful for forensic investigation.
It is a Python-based framework with plugins that process individual artifacts (such as Safari internet history, network interfaces, recently accessed files & volumes, etc.).
This package fixes a scripting error for each provided command.
November 19, 2021: mac_apt-1.4.3.dev-1.{fc32,fc33,fc34,fc35,el7,el8}.x86_64.rpm -
Mac_apt is a DFIR (Digital Forensics and Incident Response) tool to process Mac computer full disk images (or live machines)
and extract data/metadata useful for forensic investigation.
It is a Python-based framework with plugins that process individual artifacts (such as Safari internet history, network interfaces, recently accessed files & volumes, etc.).
Here is a list of features:
Cross platform (no dependency on pyobjc)
Works on E01, VMDK, AFF4, DD, split-DD, DMG (no compression), SPARSEIMAGE & mounted images
XLSX, CSV, TSV, SQLite outputs
Analyzed files/artifacts are exported for later review
zlib, lzvn, lzfse compressed files are supported!
Native HFS & APFS parser
Reads the Spotlight database and Unified Logging (tracev3) files
And here is a list of new functionality added in this release:
Can read Axiom-created targeted collection zip files
ios_apt can read GrayKey-extracted file systems
Can read RECON-created .sparseimage files
Support for macOS Big Sur Sealed volumes (11.0)
Introducing ios_apt for processing iOS/iPadOS images
FAST mode ⏳
Encrypted 🔒 APFS images can now be processed using password/recovery-key 🔑
macOS Catalina (10.15+) separately mounted SYSTEM & DATA volumes now supported
AFF4 images (including MacQuisition-created) are supported
September 24, 2020: mac_apt-0.7-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and mac_apt-0.7-1.{fc321,fc32,el7,el8}.x86_64.rpm -
Mac_apt is a DFIR (Digital Forensics and Incident Response) tool to process Mac computer full disk images (or live machines) and extract data/metadata useful for forensic investigation.
It is a Python-based framework with plugins that process individual artifacts (such as Safari internet history, network interfaces, recently accessed files & volumes, etc.).
Here is a list of features:
Cross platform (no dependency on pyobjc)
Works on E01, VMDK, AFF4, DD, split-DD, DMG (no compression) and mounted images
XLSX, CSV, SQLite outputs
Analyzed files/artifacts are exported for later review
zlib, lzvn, lzfse compressed files are supported!
Native HFS and APFS parser
Reads the Spotlight database and Unified Logging (tracev3) files
And here is a list of new functionality added in this release:
Support for macOS Big Sur (11.0)
FAST mode ⏳
Encrypted 🔒 APFS images can now be processed using password/recovery-key 🔑
macOS Catalina (10.15) images can now be parsed
macOS Catalina (10.15) separately mounted SYSTEM and DATA volumes now supported
AFF4 images (including MacQuisition-created) now supported