applications/forensics tools

mac_apt - Mac OS Artifact Parsing Tool

Website: https://github.com/ydkhatri/mac_apt/wiki
License: GPL
Vendor: cert.org
Description:
mac_apt is a DFIR (Digital Forensics and Incident Response) tool to process Mac computer full disk images (or live machines) and extract
data/metadata useful for forensic investigation. It is a python based framework, which has plugins to process individual artifacts (such as Safari
internet history, Network interfaces, Recently accessed files & volumes, ..)

mac_apt now also includes ios_apt, for processing ios images.

Requirements: Python 3.7 or above (32/64 bit)

Features

* Cross platform (no dependency on pyobjc)
* Works on E01, VMDK, AFF4, DD, split-DD, DMG (no compression), SPARSEIMAGE & mounted images
* XLSX, CSV, TSV, Sqlite outputs
* Analyzed files/artifacts are exported for later review
* zlib, lzvn, lzfse compressed files are supported!
* Native HFS & APFS parser
* Reads the Spotlight database and Unified Logging (tracev3) files

Latest
*  Can read Axiom created targeted collection zip files
*  ios_apt can read GrayKey extracted file system
*  Can read RECON created .sparseimage files
*  Support for macOS Big Sur Sealed volumes (11.0)
*  Introducing ios_apt for processing iOS/ipadOS images
*  FAST mode
*  Encrypted APFS images can now be processed using password/recovery-key
*  macOS Catalina (10.15+) separately mounted SYSTEM & DATA volumes now supported
*  AFF4 images (including macquisition created) are supported

Packages

mac_apt-1.4.3.dev-3.el8.src [19.6 MiB] Changelog by Lawrence R. Rogers (2021-09-04):
* Release 1.4.3.dev-1
	Version 1.4.3.dev

Listing created by Repoview-0.6.6-4.el7