Ma2tl - macOS forensic timeline generator using the analysis result DBs of mac apt

Related tags

Third-party APIs Wrappersma2tl
Overview

ma2tl (mac_apt to timeline)

This is a DFIR tool for generating a macOS forensic timeline from the analysis result DBs of mac_apt.

Requirements

  • Python 3.7.0 or later
  • pytz
  • tzlocal
  • xlsxwriter

Installation

% git clone https://github.com/mnrkbys/ma2tl.git

Usage

% python ./ma2tl.py -h
usage: ma2tl.py [-h] [-i INPUT] [-o OUTPUT] [-ot OUTPUT_TYPE] [-s START] [-e END] [-t TIMEZONE] [-l LOG_LEVEL] plugin [plugin ...]

Forensic timeline generator using mac_apt analysis results. Supports only SQLite DBs.

positional arguments:
  plugin                Plugins to run (space separated).

optional arguments:
  -h, --help            show this help message and exit
  -i INPUT, --input INPUT
                        Path to a folder that contains mac_apt DBs.
  -o OUTPUT, --output OUTPUT
                        Path to a folder to save ma2tl result.
  -ot OUTPUT_TYPE, --output_type OUTPUT_TYPE
                        Specify the output file type: SQLITE, XLSX, TSV (Default: SQLITE)
  -s START, --start START
                        Specify start timestamp. (ex. 2021-11-05 08:30:00)
  -e END, --end END     Specify end timestamp.
  -t TIMEZONE, --timezone TIMEZONE
                        Specify Timezone: "UTC", "Asia/Tokyo", "US/Eastern", etc (Default: System Local Timezone)
  -l LOG_LEVEL, --log_level LOG_LEVEL
                        Specify log level: INFO, DEBUG, WARNING, ERROR, CRITICAL (Default: INFO)

The following 4 plugins are available:
    FILE_DOWNLOAD       Extract file download activities.
    PERSISTENCE         Extract persistence settings.
    PROG_EXEC           Extract program execution activities.
    VOLUME_MOUNT        Extract volume mount/unmount activities.
    ----------------------------------------------------------------------------
    ALL                 Run all plugins

Generated timeline example

Scenario Timeline

Presentation

This tool was published on Japan Security Analyst Conference 2022 (JSAC2022).

Slides are available below:

Author

Minoru Kobayashi

License

MIT

Owner
Minoru Kobayashi
Minoru Kobayashi
GitHub Repository
Auto Join: A GitHub action script to automatically invite everyone to the organization who comment at the issue page.

Auto Invite To Org By Issue Comment A GitHub action script to automatically invite everyone to the organization who comment at the issue page. What is

Max Base 6 Jun 08, 2022
A module grouping multiple translation APIs

translatepy (originally: translate) An aggregation of multiple translation API Translate, transliterate, get the language of texts in no time with the

349 Jan 06, 2023
Mailjet API implementation in Python

READ THIS FIRST!! This repository isn't compatible with the current Mailjet API (v3) and, as a consequence, is considered deprecated and won't undergo

Rick van Hattem 18 Oct 21, 2022
Python binding for Terraform.

Python libterraform Python binding for Terraform. Installation $ pip install libterraform NOTE Please install version 0.3.1 or above, which solves the

Prodesire 28 Dec 29, 2022
API RestFull web de pontos turisticos de certa região

##RESTful Web API para exposição de pontos turísticos de uma região## Propor um novo ponto turístico Moderação dos pontos turísticos cadastrados Lista

Lucas Silva 2 Jan 28, 2022
A telegram bot does not allow channels to send messages to the telegram supergroup

Channel Message Handler Getting started Installation $ git clone https://github.com/AbhijithNT/GroupChannelHandler.git Change directory $ cd ChannelMe

Abhijith N T 0 Dec 26, 2021
An API Client package to access the APIs for NBA.com

nba_api An API Client package to access the APIs for NBA.com Development Version: v1.1.9 nba_api is an API Client for www.nba.com. This package is mea

Swar Patel 1.4k Jan 01, 2023
PS4RemotePKGSender - Use with Remote PKG Installer

PS4_Remote_PKG_Sender Used with the remote PKG installer on PS4 Thanks to the au

Teri 4 Sep 23, 2022
Auto-commiter - Auto commiter Github

auto committer Github Follow the steps below to use this repository: 1-install c

Arman Ebtekari 8 Nov 14, 2022
ClearML - Auto-Magical Suite of tools to streamline your ML workflow. Experiment Manager, MLOps and Data-Management

ClearML - Auto-Magical Suite of tools to streamline your ML workflow Experiment Manager, MLOps and Data-Management ClearML Formerly known as Allegro T

ClearML 3.9k Jan 01, 2023
PS3API - PS3 API for TMAPI and CCAPI in python.

PS3API PS3 API for TMAPI and CCAPI in python. Examples Connecting and Attaching from ps3api import PS3API PS3 = PS3API(PS3API.API_TMAPI) if PS3.Conn

Adam 9 Sep 01, 2022
A new coin listing alert bot using Python, Flask, MongoDB, Telegram API and Binance API

Bzzmans New Coin Listing Detection Bot Architecture About Project Work in progress. This bot basically gets new coin listings from Binance using Binan

Eyüp Barlas 21 May 31, 2022
Auto like & auto followers facebook

Auto like & auto followers facebook

Fahmi Dev 23 Dec 08, 2022
The Research PACS on AWS solution facilitates researchers' access medical images stored in the clinical PACS in a secure and seamless manner

Research PACS on AWS Challenge to solve Solution presentation Deploy the solution Further reading Releases License Challenge to solve The rise of new

AWS Samples 23 Sep 09, 2022
SpautiNoFay - A simple and beautiful music player created with Python

SpautiNoFay A simple and beautiful music player created with Python Why SpautiNo

8 Jan 19, 2022
ACL 2022: CAKE: A Scalable Commonsense-Aware Framework For Multi-View Knowledge Graph Completion

CAKE ACL 2022: CAKE: A Scalable Commonsense-Aware Framework For Multi-View Knowledge Graph Completion Introduction This is the PyTorch implementation

Niu Guanglin 31 Dec 07, 2022
send sms via grafana alert webhook

notifier fire alarm What does this project do: the aim of this project is to send alarm notification from grafana alert manager via kavenegar api. sta

Ali Soltani 4 Oct 20, 2021
Get charts, top artists and top songs WITHOUT LastFM API

LastFM Get charts, top artists and top songs WITHOUT LastFM API Usage Get stats (charts) We provide many filters and options to customize. Geo filter

4 Feb 11, 2022
An advanced Twitter scraping & OSINT tool written in Python that doesn't use Twitter's API, allowing you to scrape a user's followers, following, Tweets and more while evading most API limitations.

TWINT - Twitter Intelligence Tool No authentication. No API. No limits. Twint is an advanced Twitter scraping tool written in Python that allows for s

TWINT Project 14.2k Jan 03, 2023
Home Assistant for Opendata CWB. Get the weather forecast of the city in Taiwan.

Home assistant support for Opendata CWB. The readme in Traditional Chinese. This integration is based on OpenWeatherMap (@csparpa, pyowm) to develop.

11 Sep 30, 2022