OSXCollector - A Forensic Evidence Collection & Analysis Toolkit For OS X

✨ DeeZNuTz

✨ DeeZNuTz

✨ Master ✨
Staff member
May 15, 2017
990
759
1,045
osxcollector_1_osx-github.png


OSXCollector is a forensic evidence collection & analysis toolkit for OSX.
Forensic Collection
The collection script runs on a potentially infected machine and outputs a JSON file that describes the target machine. OSXCollector gathers information from plists, SQLite databases and the local file system.
Forensic Analysis
Armed with the forensic collection, an analyst can answer the question like:
  • Is this machine infected?
  • How'd that malware get there?
  • How can I prevent and detect further infection?
Yelp automates the analysis of most OSXCollector runs converting its output into an easily readable and actionable summary of just the suspicious stuff. Check out OSXCollector Output Filters project to learn how to make the most of the automated OSXCollector output analysis.
Performing Collection
osxcollector.py is a single Python file that runs without any dependencies on a standard OSX machine. This makes it really easy to run collection on any machine - no fussing with brew, pip, config files, or environment variables. Just copy the single file onto the machine and run it:
Code:
sudo osxcollector.py
is all it takes.
Download Osxcollector
 
You must log in or register to reply here.

About us

  • Our community has been around for many years and pride ourselves on offering unbiased, critical discussion among people of all different backgrounds. We are working every day to make sure our community is one of the best.

Quick Navigation

Home Forums

User Menu

Login
Top Bottom