Ma2Tl - macOS Forensic Timeline Generator Using The Analysis Result DBs Of Mac_Apt

This is a DFIR tool for generating a macOS forensic timeline from the analysis result DBs of macapt. Requirements Python 3.7.0 or later pytz tzlocal xlsxwriter Installation % git clone https://github.com/mnrkbys/ma2tl.git Usage % python ./ma2tl.py -h usage: ma2tl.py -h -i INPUT -o OUTPUT -ot...

Autotimeliner - Automagically Extract Forensic Timeline From Volatile Memory Dump

Automagically extract forensic timeline from volatile memory dumps. Requirements Python 3 Volatility mactime from SleuthKit Developed and tested on Debian 9.6 with Volatility 2.6-1 and sleuthkit 4.4.0-5 How it works AutoTimeline automates this workflow: Identify correct volatility profile for the...

Active Directory Honeytoken Tripwire: DCEPT

DCEPT D omain C ontroller E nticing P assword T ripwire is a honeytoken-based tripwire for Microsoft’s Active Directory. Honeytokens are pieces of information intentionally littered on system so they can be discovered by an intruder. In the case of DCEPT, the honeytokens are credentials that woul...