Name : mac_apt
Version : 1.4.3.dev
Vendor : cert_org
Release : 3.el8
Date : 2022-01-04 18:35:29
Group : Applications/Forensics Tools
Source RPM : mac_apt-1.4.3.dev-3.el8.src.rpm
Size : 95.25 MB
Packager : Lawrence R_ Rogers (lrr_cert_org)
Summary : Mac OS Artifact Parsing Tool
Description :
mac_apt is a DFIR (Digital Forensics and Incident Response) tool that processes full disk images of Mac computers (or live machines) and extracts data and metadata useful for forensic investigation. It is a Python-based framework with plugins that process individual artifacts (such as Safari internet history, network interfaces, recently accessed files and volumes, and others).
mac_apt now also includes ios_apt, for processing iOS images.
Requirements: Python 3.7 or above (32/64 bit)
Features
* Cross platform (no dependency on pyobjc)
* Works on E01, VMDK, AFF4, DD, split-DD, DMG (no compression), SPARSEIMAGE & mounted images
* XLSX, CSV, TSV, SQLite outputs
* Analyzed files/artifacts are exported for later review
* zlib, lzvn, lzfse compressed files are supported!
* Native HFS & APFS parser
* Reads the Spotlight database and Unified Logging (tracev3) files
Latest
* Can read Axiom created targeted collection zip files
* ios_apt can read GrayKey extracted file system
* Can read RECON created .sparseimage files
* Support for macOS Big Sur Sealed volumes (11.0)
* Introducing ios_apt for processing iOS/iPadOS images
* FAST mode
* Encrypted APFS images can now be processed using password/recovery-key
* macOS Catalina (10.15+) separately mounted SYSTEM & DATA volumes now supported
* AFF4 images (including MacQuisition created) are supported
RPM found in directory: /mirror/vol2/forensics.cert.org/centos/cert/8/x86_64
Provides :
mac_apt
mac_apt(x86-64)
Requires :