Example Usage
$ sudo python2.7 ./macosac.py -h
usage: macosac.py [-h] [-o OUTPUTDIR] [-t OUTPUTTYPE] [-l] [-c CATEGORIES]
                  [-ls] [-tm] [-ts TIMESTAMP] [-tz TIMEZONE] [-vn VOLUMENAME]
                  [--use-builtincopy] [--debug]

Collects macOS forensic artifacts.

optional arguments:
  -h, --help            show this help message and exit
  -o OUTPUTDIR, --outputdir OUTPUTDIR
                        Output directory for collected artifacts
  -t OUTPUTTYPE, --outputtype OUTPUTTYPE
                        Output type: dir, dmg or ro-dmg. "ro-dmg" means "Read
                        Only DMG". Converts a regular dmg to UDRO format after
                        collecting artifacts. (default: dir)
  -l, --list            List categories which are defined in macosac.ini
  -c CATEGORIES, --categories CATEGORIES
                        Specify comma separated categories (default: all).
  -ls, --localsnapshots
                        Retrieve artifacts from local snapshots.
  -tm, --timemachine    Retrieve artifacts from Time Machine bakcups.
  -ts TIMESTAMP, --timestamp TIMESTAMP
                        Specify the timestamp of localsnapshots/Time Machine
                        bac
See also
Bulk Extractor
Open Source
Kali
Scans a disk image, file, or directory and extracts features such as email addresses, URLs, credit c…
horus
Open Source
An OSINT / digital forensics tool built in Python…
byvalver
Free
takes shellcode bad-bytes and banishes them, returning cleaned shellcode with preserved functionalit…
speakeasy
Open Source
Windows kernel and user mode emulation.…
LockKnife
Open Source
LockKnife: The Ultimate Android Security Research Tool. A unified TUI workspace and headless CLI for…
SingleFileExtractor
Open Source
A tool for extracting contents (assemblies, configuration, etc.) from a single-file application to a…