If someone wants to learn MacOS IR/forensics what’s the best resource for that?

mnrkbys commented Sep 2, 2021

DSStoreParser (Fixed a bug)

If the Mac computer that you are going to investigate is not shut down yet, you should collect live information.
It can get the "true" process tree.
