![]() ![]() ![]() Reads Word, Excel, Powerpoint and other office MRU/accessed file paths Retrieve configured internet accounts (iCloud, Google, Linkedin, facebook.) Reads and exports connected iDevice details Reads and exports iPhone/iPad backup databases cookies files and ist for each userĪctive Directory Domain(s) that the mac is connected to Read Chrome History, Top Sites, Downloads and Extension info Retrieves programs, daemons, services set to start at boot/loginīasic machine & OS configuration like SN, timezone, computer name, last logged in user, HFS info Reads ARD (Apple Remote Desktop) cached databases about app usage Reads apps & printers installed and/or available for each user from appList.dat ✔️ AFF4 images (including macquisition created) are supported Available Plugins (artifacts parsed) ✔️ macOS Catalina (10.15+) separately mounted SYSTEM & DATA volumes now supported ✔️ Encrypted □ APFS images can now be processed using password/recovery-key □ ✔️ Introducing ios_apt for processing iOS/ipadOS images ![]() ![]() ✔️ Support for macOS Big Sur Sealed volumes (11.0) ✔️ ios_apt can read GrayKey extracted file system ✔️ Can read Axiom created targeted collection zip files Reads the Spotlight database and Unified Logging (tracev3) files.zlib, lzvn, lzfse compressed files are supported!.Analyzed files/artifacts are exported for later review.Works on E01, VMDK, AFF4, DD, split-DD, DMG (no compression), SPARSEIMAGE & mounted images.Cross platform (no dependency on pyobjc).Requirements: Python 3.7 or above (32/64 bit) Features Mac_apt now also includes ios_apt, for processing ios images. It is a python based framework, which has plugins to process individual artifacts (such as Safari internet history, Network interfaces, Recently accessed files & volumes. Mac_apt is a DFIR (Digital Forensics and Incident Response) tool to process Mac computer full disk images ( or live machines) and extract data/metadata useful for forensic investigation. Mac_apt - macOS (and iOS) Artifact Parsing Tool ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
December 2022
Categories |