Ma2tl - macOS forensic timeline generator using the analysis result DBs of mac apt

Related tags

Third-party APIs Wrappersma2tl
Overview

ma2tl (mac_apt to timeline)

This is a DFIR tool for generating a macOS forensic timeline from the analysis result DBs of mac_apt.

Requirements

  • Python 3.7.0 or later
  • pytz
  • tzlocal
  • xlsxwriter

Installation

% git clone https://github.com/mnrkbys/ma2tl.git

Usage

% python ./ma2tl.py -h
usage: ma2tl.py [-h] [-i INPUT] [-o OUTPUT] [-ot OUTPUT_TYPE] [-s START] [-e END] [-t TIMEZONE] [-l LOG_LEVEL] plugin [plugin ...]

Forensic timeline generator using mac_apt analysis results. Supports only SQLite DBs.

positional arguments:
  plugin                Plugins to run (space separated).

optional arguments:
  -h, --help            show this help message and exit
  -i INPUT, --input INPUT
                        Path to a folder that contains mac_apt DBs.
  -o OUTPUT, --output OUTPUT
                        Path to a folder to save ma2tl result.
  -ot OUTPUT_TYPE, --output_type OUTPUT_TYPE
                        Specify the output file type: SQLITE, XLSX, TSV (Default: SQLITE)
  -s START, --start START
                        Specify start timestamp. (ex. 2021-11-05 08:30:00)
  -e END, --end END     Specify end timestamp.
  -t TIMEZONE, --timezone TIMEZONE
                        Specify Timezone: "UTC", "Asia/Tokyo", "US/Eastern", etc (Default: System Local Timezone)
  -l LOG_LEVEL, --log_level LOG_LEVEL
                        Specify log level: INFO, DEBUG, WARNING, ERROR, CRITICAL (Default: INFO)

The following 4 plugins are available:
    FILE_DOWNLOAD       Extract file download activities.
    PERSISTENCE         Extract persistence settings.
    PROG_EXEC           Extract program execution activities.
    VOLUME_MOUNT        Extract volume mount/unmount activities.
    ----------------------------------------------------------------------------
    ALL                 Run all plugins

Generated timeline example

Scenario Timeline

Presentation

This tool was published on Japan Security Analyst Conference 2022 (JSAC2022).

Slides are available below:

Author

Minoru Kobayashi

License

MIT

Owner
Minoru Kobayashi
Minoru Kobayashi
GitHub Repository
Discord-RAID-Tool - Hacks/tools

How to use Python must be installed run install-config If you dont have python installed, download python 3.7.6 and make sure you click on the 'ADD TO

1 Jan 01, 2022
A simple bot which using an API , detects reported discord scams and kicks the user if possible while deleting the message

A simple bot which using an API , detects reported discord scams and kicks the user if possible while deleting the message

Vioshim 3 Nov 16, 2022
Find songs by lyrics.

LyricSearch Hi, welcome to LyricSearch - a simple (Yes), fast (Maybe), and powerful (Approach) lyric search engine. We support Three search methods to

Dicer_ 1 Dec 13, 2021
GitGram Bot. Bot Then Message You Your Repo Starts, Forks, And Many More

Yet Another GitAlertBot Inspired From Dev-v2's GitGram Run Bot: Local Host Git Clone Repo : For Telethon Version : git clone https://github.com/TeamAl

Alina RoBot 2 Nov 24, 2021
A program that generates discord.py code

discord-py-generator A program that generates discord.py code Setup in cmds.txt file add your user id, client id and bot token you can change the bot

3 Dec 15, 2022
Lazy airdrop based on private temporary ids

LobsterDAO This uses a modified MerkleDistributor, which allows to issue a lazy airdrop using temporary IDs. In this example it uses Telegram chat_id

41 Sep 10, 2022
Images to PDF Telegram Bot

ilovepdf Convert Images to PDF Bot This bot will helps you to create pdf's from your images [without leaving telegram] 😉 By Default: your pdf fil

✰Naͥbiͣlͫ A Navab✰ 116 Dec 29, 2022
Botto - A discord bot written in python that uses the hikari and lightbulb modules to make this bot

❓ About Botto Hi! This is botto, a discord bot written in python that uses the h

3 Sep 13, 2022
Lib for create and show QRCode to PIX, you can show this code in another applications for payment by final consumer.

Biblioteca para a geração de codigos QR (BRCode como chamados na documentação do BACEN) a fins de facilitar a exibição para pagamentos ao consumidor.

João Camargo 13 Oct 05, 2022
Auxiliator is telegram bot for basic web-application analysis

Auxiliator Auxiliator is telegram bot for basic web-application analysis What for? Sometimes there is no access to your main PC, where you can scan we

Revoltage 13 Dec 26, 2021
A Python library for the Buildkite API

PyBuildkite A Python library and client for the Buildkite API. Usage To get the package, execute: pip install pybuildkite Then set up an instance of

Peter Yasi 29 Nov 30, 2022
A discord bot that moderates your server!

Staff Bot para Discord O que é? É um bot que modera o seu servidor no Discord, apagando mensagens indesejadas que os usuários mandem! Como usar Primei

Isac Gonçalves Cunha 3 Oct 07, 2021
scrape tiktok/douyin video list from specific user or keyword

get-tiktok-user-video-list scrape tiktok/douyin video list from specific user or keyword 以**https://www.douyin.com/user/MS4wLjABAAAAUpIowEL3ygUAahQB47

wanghaisheng 4 Jul 06, 2022
A Telegram bot for combining emojis.

combimoji combimoji is a Telegram bot for combining emojis. How can I use it? You can find combimoji at @combimoji_bot, however it is not up (as of No

Yarema Mishchenko 2 Dec 02, 2021
PRNT.sc Image Grabber

PRNTSender PRNT.sc Image Grabber PRNTSender is a script that takes images posted on PRNT.sc and sends them to a Discord webhook, if you want to know h

neox 2 Dec 10, 2021
python3.5+ hubspot client based on hapipy, but modified to use the newer endpoints and non-legacy python

A python wrapper around HubSpot's APIs, for python 3.5+. Built initially around hapipy, but heavily modified. Check out the documentation here! (thank

Jacobi Petrucciani 140 Dec 21, 2022
Bot developed in python, 100% open-source, compatible with Windows and Linux.

Bombcrypto Bot [Family JOW] Bot desenvolvido em python, 100% do código é aberto, para aqueles que tenham conhecimento validarem que não existe nenhum

Renato Maia 71 Dec 20, 2022
This repository is for active development of the Azure SDK for Python. For consumers of the SDK we recommend visiting our public developer docs at https://docs.microsoft.com/en-us/python/azure/ or our versioned developer docs at https://azure.github.io/azure-sdk-for-python.

Azure SDK for Python This repository is for active development of the Azure SDK for Python. For consumers of the SDK we recommend visiting our public

Microsoft Azure 3.4k Jan 03, 2023
Telegram Voice Chat UserBot made with Pyrogram and MarshalX/tgcalls with playlist and Heroku support

Telegram Voice Chat UserBot A Telegram UserBot to Play Audio in Voice Chats. This is also the source code of the userbot which is being used for playi

Calls Music 164 Nov 12, 2022
Dodo - A graphical, hackable email client based on notmuch

Dodo Dodo is a graphical email client written in Python/PyQt5, based on the comm

Aleks Kissinger 44 Nov 12, 2022