Skip to content

Instantly share code, notes, and snippets.

@0xmachos
Last active February 28, 2024 13:11
Star You must be signed in to star a gist
Save 0xmachos/6e8b813cffc2035914606bd4cda491d2 to your computer and use it in GitHub Desktop.
If someone wants to learn MacOS IR/forensics what’s the best resource for that?
@mnrkbys
Copy link

mnrkbys commented Sep 2, 2021

DSStoreParser (Fixed a bug)
https://github.com/mnrkbys/DSStoreParser/tree/fix_bug_non-ascii

If the Mac computer that you are going to investigate is not shutdown yet, you should collect live information.
TrueTree
https://themittenmac.com/the-truetree-concept/
It can get "true" process tree.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment