OSXCollector- Forensic collection & analysis toolkit
OSXCollector is an information gathering and analysis toolkit that you can use for running a forensics against OSX based operating systems. the toolkit include a number of python scripts that create JSON file with information about the targeted system if it is infected or not.
OSXCollector gathers information from plists, SQLite databases and the local file system. you will have the following information:
- version The current version of OSXCollector.
- system_info this include system name,node name, release , version
- kext Collects the Kernel extensions
- startup Collects information about the LaunchAgents, LaunchDaemons, ScriptingAdditions, StartupItems and other login
- applications list the hashes installed applications
- quarantines collects information from XProtect hash-based malware check for quarantines files
- downloads Hashes all users’ downloaded files
- chrome Collects information from Google Chrome web browser
- Firefox Collects information from the different SQLite databases in a Firefox profile
- safari Collects information from the different plist and SQLite databases in a Safari profile
- accounts Collects information about users’ accounts
- mail Hashes files in the mail application directories
You can read more and download the tool over this link: https://github.com/Yelp/osxcollector