If someone wants to learn MacOS IR/forensics what’s the best resource for that?

@mnrkbys mnrkbys commented Sep 2, 2021

DSStoreParser (Fixed a bug)

If the Mac computer that you are going to investigate is not shut down yet, you should collect live information.
It can get the "true" process tree.
