Ma2tl - macOS forensic timeline generator using the analysis result DBs of mac apt

Related tags

Third-party APIs Wrappersma2tl
Overview

ma2tl (mac_apt to timeline)

This is a DFIR tool for generating a macOS forensic timeline from the analysis result DBs of mac_apt.

Requirements

  • Python 3.7.0 or later
  • pytz
  • tzlocal
  • xlsxwriter

Installation

% git clone https://github.com/mnrkbys/ma2tl.git

Usage

% python ./ma2tl.py -h
usage: ma2tl.py [-h] [-i INPUT] [-o OUTPUT] [-ot OUTPUT_TYPE] [-s START] [-e END] [-t TIMEZONE] [-l LOG_LEVEL] plugin [plugin ...]

Forensic timeline generator using mac_apt analysis results. Supports only SQLite DBs.

positional arguments:
  plugin                Plugins to run (space separated).

optional arguments:
  -h, --help            show this help message and exit
  -i INPUT, --input INPUT
                        Path to a folder that contains mac_apt DBs.
  -o OUTPUT, --output OUTPUT
                        Path to a folder to save ma2tl result.
  -ot OUTPUT_TYPE, --output_type OUTPUT_TYPE
                        Specify the output file type: SQLITE, XLSX, TSV (Default: SQLITE)
  -s START, --start START
                        Specify start timestamp. (ex. 2021-11-05 08:30:00)
  -e END, --end END     Specify end timestamp.
  -t TIMEZONE, --timezone TIMEZONE
                        Specify Timezone: "UTC", "Asia/Tokyo", "US/Eastern", etc (Default: System Local Timezone)
  -l LOG_LEVEL, --log_level LOG_LEVEL
                        Specify log level: INFO, DEBUG, WARNING, ERROR, CRITICAL (Default: INFO)

The following 4 plugins are available:
    FILE_DOWNLOAD       Extract file download activities.
    PERSISTENCE         Extract persistence settings.
    PROG_EXEC           Extract program execution activities.
    VOLUME_MOUNT        Extract volume mount/unmount activities.
    ----------------------------------------------------------------------------
    ALL                 Run all plugins

Generated timeline example

Scenario Timeline

Presentation

This tool was published on Japan Security Analyst Conference 2022 (JSAC2022).

Slides are available below:

Author

Minoru Kobayashi

License

MIT

Owner
Minoru Kobayashi
Minoru Kobayashi
GitHub Repository
An unofficial client library for Google Music.

gmusicapi: an unofficial API for Google Play Music gmusicapi allows control of Google Music with Python. from gmusicapi import Mobileclient api = Mob

Simon Weber 2.5k Dec 15, 2022
A minimal caching proxy to GitHub's REST & GraphQL APIs

github-proxy A caching forward proxy to GitHub's REST and GraphQL APIs. GitHub-Proxy is a thin, highly extensible, highly configurable python framewor

Babylon Health 26 Oct 05, 2022
TORNADO CASH Pancakeswap Sniper BOT 2022-V1 (MAC WINDOWS ANDROID LINUX)

TORNADO CASH Pancakeswap Sniper BOT 2022-V1 (MAC WINDOWS ANDROID LINUX)

Crypto Trader 1 Jan 06, 2022
Draw your telegram bot in draw.io and generate its code

README Contents: Draw your bot Install requirements Registering a telegram bot Draw bot Start point Message block Single choice block Functions block

DENIS TSITKO 23 Nov 09, 2022
SimpleDCABot is a simple bot that buys crypto with a dollar-cost averaging strategy.

Simple Open Dollar Cost Averaging (DCA) Bot SimpleDCABot is a simple bot that buys crypto on a selected exchange at regular intervals for a prescribed

4 Mar 28, 2022
this is a telegram torrent bot

owner of this repo :- AYUSH contact me :- AYUSH Slam Mirror Bot This is a telegram bot writen in python for mirroring files on the internet to our bel

AYUSH 237 Dec 16, 2021
Discord-shell - Reverse shell accessible via discord.py bot

Discord-shell reverse shell on discord bot. (STILL IN DEVELOPMENT) Installation

Skultz 6 Oct 21, 2022
Aula-API - a school system widely used in Denmark, as you can see and read about in the python file

Information : Hello, thank you for reading this first of all. This is a Aula-API

Binary.club 2 May 28, 2022
Playing around with the slack api for learning purposes

SlackBotTest Playing around with the slack api for learning purposes and getting people to contribute Reason for this Project: Bots are very versatile

1 Nov 24, 2021
NewpaperNews-API - Json data of the news with python

NewsAPI API Documentation BASE_URL = "https://saurav.tech/NewsAPI/" top_headline

Aryaman Prakash 2 Sep 23, 2022
This wrapper now has async support, its basically the same except it uses asyncio

This is a python wrapper for my api api_url = "https://api.dhravya.me/" This wrapper now has async support, its basically the same except it uses asyn

Dhravya Shah 5 Mar 10, 2022
Space Bot, a Discord bot built for HackerSpace Club of PES University

Space Bot Space Bot, a Discord bot built for HackerSpace Club of PES University What can Space Bot do? Space Bot allows you to lookup any mentor or to

HackerSpace @PESU 7 Oct 23, 2022
Fully Automated Omegle Chatbot

omegle-bot tutorial features fast runs in background can run multiple instances at once Requirement Run this command in cmd, terminal or PowerShell (i

6 Aug 07, 2021
A group management bot written in python3 using the python-telegram-bot library.

Chika Fujiwara A modular telegram Python bot running on python3 with an sqlalchemy database. Originally a Marie fork, Chika was created for personal u

Wahyusaputra 3 Feb 12, 2022
Instagram-follower-bot - An Instagram follower bot written in Python

Instagram Follower Bot An Instagram follower bot written in Python. The bot follows the follower of which account you want. e.g. (You want to follow @

Aytaç Kaşoğlu 1 Dec 31, 2021
Telegram bot to stream videos in telegram voicechat for both groups and channels

Telegram bot to stream videos in telegram voicechat for both groups and channels. Supports live streams, YouTube videos and telegram media. With record stream support, Schedule streams, and many more

ALBY 9 Feb 20, 2022
An api, written in Python, for Investopedia's paper trading stock simulator.

investopedia-trading-api An API, written in Python, for Investopedia's paper trading stock simulator. Pull requests welcome. This library is now Pytho

Kirk Thaker 178 Jan 06, 2023
Jika ada pertanyaan lebih lanjut, hubungi kontak dibawah ini. Terimakasih...

⚡ Lynx Userbot ⚡ Userbot Used for Fun on Telegram, and for Maintianing Your Group. This is a Repo Lynx-Userbot. This is Repo was Created by Axel From

29 Aug 30, 2021
PancakeTrade - Limit orders and more for PancakeSwap on Binance Smart Chain

PancakeTrade helps you create limit orders and more for your BEP-20 tokens that swap against BNB on PancakeSwap. The bot is controlled by Telegram so you can interact from anywhere.

Valentin Bersier 187 Dec 20, 2022
Script for polybar to display and control media(not only Spotify) using DBus.

polybar-now-playing Script for polybar to display and control media(not only Spotify) using DBus Python script to display and control current playing

Dope Wizard 48 Dec 31, 2022