Awesome DFIR - Digital Forensics & Incident Response
🍏

Mac OS X Forensics

Mac OS X Forensics Cheat Sheets

🛠️
DFIR Tooling

🍎
Crescendo
github.com
osxevent viewer
🗃️
mac_apt - macOS Artifact Parsing Tool
github.com
osx artificat collection
🗃️
OSXCollector
github.com
osx artificat collection
🗃️
OS X Auditor
github.com
osx artificat collection
💾
Magnet ACQUIRE
www.magnetforensics.com
disk image creationosxandroid
🍎
TaskExplorer (Objective-See)
objective-see.com
osxartifact analysis
🍎
ReiKey (Objective-See)
objective-see.com
osxartifact analysiskeylogger
🍎
Netiquette (Objective-See)
objective-see.com
osxnetwork monitoring
🍎
KextViewr (Objective-See)
objective-see.com
osxartifact analysis
🍎
Dylib Hijack Scanner (Objective-See)
objective-see.com
osxartifact analysishijacking scanner
🍎
What's Your Sign? (Objective-See)
objective-see.com
osxartifact analysiscrypto signature
🍎
ProcessMonitor (Objective-See)
objective-see.com
osxmalware analysissystem monitoring
🍎
LuLu (Objective-See)
objective-see.com
osxfirewallnetwork monitoring
🍎
KnockKnock (Objective-See)
objective-see.com
osxartifact analysispersistence
⚙️
Skadi
github.com
all-in-onewindowslinuxosx
🔍
Limacharlie
github.com
all-in-onesaaswindowsosxlinuxandroidiosforensics
🔍
Zentral
github.com
artifact collectionartifact analysislinuxosxall-in-one
🔍
Redline (FireEye)
www.fireeye.com
forensicsanalyticswindowslinuxosxartifact collection
🔍
Fleetdm
github.com
remoteforensicslinuxosx
🔍
Doorman
github.com
remoteforensicsosxlinux
🔍
Google Rapid Response (GRR)
github.com
forensicsremotewindowslinuxosxframeworkall-in-one
🔍
osquery
osquery.io
analyticssystem monitoringosxlinuxwindowsfreebsd
🗃️
AppCompatProcessor
github.com
logparsingosxlinux
📑
Fenrir
github.com
ioc scannerlinuxosx
🗃️
FastIR Artifacts
github.com
artifact collectionwindowslinuxosx
📑
rastrea2r
github.com
yaraartifact analysiswindowslinuxosx
🐧
UAC (Unix-like Artifacts Collector)
github.com
artifact collectionlinuxosxosx artificat collectionsolarisaixbsd