Ma2tl - macOS forensic timeline generator using the analysis result DBs of mac apt

Last update: Nov 18, 2022

Related tags

Third-party APIs Wrappers ma2tl

Overview

ma2tl (mac_apt to timeline)

This is a DFIR tool for generating a macOS forensic timeline from the analysis result DBs of mac_apt.

Requirements

Python 3.7.0 or later
pytz
tzlocal
xlsxwriter

Installation

% git clone https://github.com/mnrkbys/ma2tl.git

Usage

% python ./ma2tl.py -h
usage: ma2tl.py [-h] [-i INPUT] [-o OUTPUT] [-ot OUTPUT_TYPE] [-s START] [-e END] [-t TIMEZONE] [-l LOG_LEVEL] plugin [plugin ...]

Forensic timeline generator using mac_apt analysis results. Supports only SQLite DBs.

positional arguments:
  plugin                Plugins to run (space separated).

optional arguments:
  -h, --help            show this help message and exit
  -i INPUT, --input INPUT
                        Path to a folder that contains mac_apt DBs.
  -o OUTPUT, --output OUTPUT
                        Path to a folder to save ma2tl result.
  -ot OUTPUT_TYPE, --output_type OUTPUT_TYPE
                        Specify the output file type: SQLITE, XLSX, TSV (Default: SQLITE)
  -s START, --start START
                        Specify start timestamp. (ex. 2021-11-05 08:30:00)
  -e END, --end END     Specify end timestamp.
  -t TIMEZONE, --timezone TIMEZONE
                        Specify Timezone: "UTC", "Asia/Tokyo", "US/Eastern", etc (Default: System Local Timezone)
  -l LOG_LEVEL, --log_level LOG_LEVEL
                        Specify log level: INFO, DEBUG, WARNING, ERROR, CRITICAL (Default: INFO)

The following 4 plugins are available:
    FILE_DOWNLOAD       Extract file download activities.
    PERSISTENCE         Extract persistence settings.
    PROG_EXEC           Extract program execution activities.
    VOLUME_MOUNT        Extract volume mount/unmount activities.
    ----------------------------------------------------------------------------
    ALL                 Run all plugins

Generated timeline example

Presentation

This tool was published on Japan Security Analyst Conference 2022 (JSAC2022).

Slides are available below:

Author

Minoru Kobayashi

License

MIT

Ma2tl - macOS forensic timeline generator using the analysis result DBs of mac apt

Related tags

Overview

ma2tl (mac_apt to timeline)

Requirements

Installation

Usage

Generated timeline example

Presentation

Author

License

Owner

Minoru Kobayashi

Python SDK for the Buycoins API.

Spore REST API asyncio client

:evergreen_tree: Python module for communicating with the Taiga API

python based bot Sends notification to your telegram whenever a new video is released on a youtube channel!

Takes upcoming items from a Google Calendar and posts them to Slack.

Async client API for the Telegram Group Calls

Asynchronous Python Wrapper for the Ufile API

Advanced Number Validator Using telnyx api

Discord-account-generator - Creates Discord accounts and verifies by email & phone verification. Supports proxies. Uses sms-activate, kopeechka and anti captcha

Trading Strategies (~50%) developed by GreenT on QuantConnect platform over the autumn quarter

Ini Hanya Shortcut Untuk Menambahkan Kunci Tambahan Pada Termux & Membantu Para Nub Yang Decode Script Orang:v

Telegram Vc Video Player Bot

A Bot, which observes your counting-abilities and controls your drinking-habits, too!

Want to play What Would Rather on your Server? Invite the bot now!😏

Script Crack Facebook, and Instagram 🚶‍♂

Copier template for solving Advent of Code puzzles with Python

Dynamic Twitter banner, to show off your spotify status. Banner updated every 5 minutes.

A project that automatically sends you a Medium article on a topic of your choosing to your email address daily.

Gorrabot is a bot made to automate checks and processes in the development process.

Its Is A Telegram Maths Basic Calculator Bot