Ma2tl - macOS forensic timeline generator using the analysis result DBs of mac apt

Related tags

Third-party APIs Wrappersma2tl
Overview

ma2tl (mac_apt to timeline)

This is a DFIR tool for generating a macOS forensic timeline from the analysis result DBs of mac_apt.

Requirements

  • Python 3.7.0 or later
  • pytz
  • tzlocal
  • xlsxwriter

Installation

% git clone https://github.com/mnrkbys/ma2tl.git

Usage

% python ./ma2tl.py -h
usage: ma2tl.py [-h] [-i INPUT] [-o OUTPUT] [-ot OUTPUT_TYPE] [-s START] [-e END] [-t TIMEZONE] [-l LOG_LEVEL] plugin [plugin ...]

Forensic timeline generator using mac_apt analysis results. Supports only SQLite DBs.

positional arguments:
  plugin                Plugins to run (space separated).

optional arguments:
  -h, --help            show this help message and exit
  -i INPUT, --input INPUT
                        Path to a folder that contains mac_apt DBs.
  -o OUTPUT, --output OUTPUT
                        Path to a folder to save ma2tl result.
  -ot OUTPUT_TYPE, --output_type OUTPUT_TYPE
                        Specify the output file type: SQLITE, XLSX, TSV (Default: SQLITE)
  -s START, --start START
                        Specify start timestamp. (ex. 2021-11-05 08:30:00)
  -e END, --end END     Specify end timestamp.
  -t TIMEZONE, --timezone TIMEZONE
                        Specify Timezone: "UTC", "Asia/Tokyo", "US/Eastern", etc (Default: System Local Timezone)
  -l LOG_LEVEL, --log_level LOG_LEVEL
                        Specify log level: INFO, DEBUG, WARNING, ERROR, CRITICAL (Default: INFO)

The following 4 plugins are available:
    FILE_DOWNLOAD       Extract file download activities.
    PERSISTENCE         Extract persistence settings.
    PROG_EXEC           Extract program execution activities.
    VOLUME_MOUNT        Extract volume mount/unmount activities.
    ----------------------------------------------------------------------------
    ALL                 Run all plugins

Generated timeline example

Scenario Timeline

Presentation

This tool was published on Japan Security Analyst Conference 2022 (JSAC2022).

Slides are available below:

Author

Minoru Kobayashi

License

MIT

Owner
Minoru Kobayashi
Minoru Kobayashi
GitHub Repository
Unofficial Meteor Client wiki

Welcome to the Unofficial Meteor Client wiki! Meteor FAQs | A rewritten and better FAQ page. Installation Guide | A guide on how to install Meteor Cli

Anti Cope 0 Feb 21, 2022
Discord Rich Presence implementation for Plex.

Perplex Perplex is a Discord Rich Presence implementation for Plex. Features Modern and beautiful Rich Presence for both movies and TV shows The Movie

Ethan 52 Dec 19, 2022
A Simple Voice Music Player

๐Ÿ“€ ๐•๐‚๐”๐ฌ๐ž๐ซ๐๐จ๐ญ โˆš๐™๐™š๐™–๐™ขโœ˜๐™Š๐™˜๐™ฉ๐™–๐™ซ๐™š NOTE JUST AN ENGLISH VERSION OF OUR PRIVATE SOURCE WAIT FOR LATEST UPDATES JOIN @๐’๐”๐๐๐Ž๐‘๐“ JOIN @๐‚?

TeamOctave 8 May 08, 2022
Built for streamlining development of Google Assistant Actions

Apprentice Apprentice is a framework built for developing Google Actions via Dialogflow and Google Cloud (serverless) Functions. Includes: plug-and-pl

Andrew Graham-Yooll 9 May 16, 2019
A simple Discord Token Grabber sending the new token if the victim changes his password.

๐Ÿ’Ž Riot ๐Ÿ’Ž Riot is a simple Discord token grabber written in Python3 running in background and executing when the victim start their computer. If the

Billy 66 Dec 26, 2022
๐€ ๐ฆ๐จ๐๐ฎ๐ฅ๐š๐ซ ๐“๐ž๐ฅ๐ž๐ ๐ซ๐š๐ฆ ๐†๐ซ๐จ๐ฎ๐ฉ ๐ฆ๐š๐ง๐š๐ ๐ž๐ฆ๐ž๐ง๐ญ ๐›๐จ๐ญ ๐ฐ๐ข๐ญ๐ก ๐ฎ๐ฅ๐ญ๐ข๐ฆ๐š๐ญ๐ž ๐Ÿ๐ž๐š๐ญ๐ฎ๐ซ๐ž๐ฌ

๐‡๐จ๐ฐ ๐“๐จ ๐ƒ๐ž๐ฉ๐ฅ๐จ๐ฒ For easiest way to deploy this Bot click on the below button ๐Œ๐š๐๐ž ๐๐ฒ ๐’๐ฎ๐ฉ๐ฉ๐จ๐ซ๐ญ ๐†๐ซ๐จ๐ฎ๐ฉ ๐’๐จ๐ฎ๐ซ๐œ๐ž๐ฌ ๐†๐ž๐ง๐ž?

Mukesh Solanki 2 Oct 06, 2021
Discord spam bots with multiple account support and more

Discord spam bots with multiple account support and more. PLEASE READ EVERYTHING BEFORE WRITING AN ISSUE!! Server Messages Text Image Dm Messages Text

Mr. Nobody 6 Sep 14, 2022
rewise is an unofficial wrapper for google search's auto-complete feature

rewise is an unofficial wrapper for google search's auto-complete feature

Somdev Sangwan 71 Jul 19, 2022
Um bot para contar quantas vezes o meu amigo troca de pfp/nick/tag essas coisas ae pq aquele mlk n para quieto

EkiBot Um bot que tem apenas as suas funรงรตes de audit log com as PFP's (avatares) dos usuรกrios Pode ser usado para um usuรกrio em especรญfico, ou atรฉ me

Samuel 3 Aug 11, 2021
A minimal open source mtg-like tcg game made in python that can be played on a terminal emulator using a keyboard.

TCG-TERM Project state: ๐Ÿ”ง ๐Ÿšง ๐Ÿšง ๐Ÿšง Incomplete, In development ๐Ÿšง ๐Ÿšง ๐Ÿšง ๐Ÿ‘ท (Keep in mind that at the moment, This project is currently undone, and wil

Amos 3 Aug 29, 2021
๐Ÿ’– Telegram - Telethon - UserBot ๐Ÿ’–

ใ€Žแญ™๊ช–แฅ…ฦบแบžรธโ€ ใ€ ๐Ÿ‡ฎ๐Ÿ‡ณ โšก แญ™๊ช–แฅ…ฦบBot Is One Of The Fastest & Smoothest Bot On Telegram Based on Telethon โšก Status Of Bot Telegram ๐Ÿช YouTube ๐Ÿ“บ Dั”ฯโ„“ฮฟฮณ ฯ„ฮฟ ะฝั”ัฮฟฮบฯ… D

Team WarZ 1 Mar 28, 2022
Starlink Order Status Notification

Starlink Order Status Notification This script logs into Starlink order portal, pulls your estimated delivery date and emails it to a designated email

Aaron R. 1 Jul 08, 2022
A Powerful, Smart And Simple Userbot In Pyrogram.

Eagle-USERBOT ๐Ÿ‡ฎ๐Ÿ‡ณ A Powerful, Smart And Simple Userbot In Pyrogram. Support ๐Ÿš‘ Inspiration & Credits Userge-X Userge Pokurt Pyrogram Code Owners Mast

Masterolic 1 Nov 28, 2021
For Help/Questions Join in discord

Simple-Nitro-Generator-Source Must have installed python! Discord: $MartoBossX#7777 Server: https://discord.gg/ErynDxTV5Y DONATE: (Crypto) BTC: bc1qg8

1 Jan 08, 2022
Demonstrate how GitHub OIDC token getting should be included in boto3

boto3 should add direct support for AssumeRoleWithWebIdentity for GitHub Actions There is a aws-actions/configure-aws-credentials action that will get

Ben Kehoe 11 Aug 29, 2022
WhatsApp Api Python - This documentation aims to exemplify the use of Moorse Whatsapp API in Python

WhatsApp API Python ChatBot Este repositรณrio contรฉm uma aplicaรงรฃo que se utiliza

Moorse.io 3 Jan 08, 2022
Script to post multiple status(posts) on twitter

Script to post multiple status on twitter (i.e. TWITTER STORM) This program can post upto maximum limit of twitter(around 300 tweets) within seconds.

Sandeep Kumar 4 Sep 09, 2021
An unofficial API for lyricsfreak.com using django and django rest framework.

An unofficial API for lyricsfreak.com using django and django rest framework.

Hesam Norin 1 Feb 09, 2022
Pycord, a maintained fork of discord.py, is a python wrapper for the Discord API

pycord A fork of discord.py. PyCord is a modern, easy to use, feature-rich, and async ready API wrapper for Discord written in Python. Key Features Mo

Pycord Development 2.3k Dec 31, 2022
ServiceX DID Finder Girder

ServiceX_DID_Finder_Girder Access datasets for ServiceX from yt Hub Finding datasets This DID finder is designed to take a collection id (https://gird

1 Dec 07, 2021