免费的Mac OS X计算机取证工具:OSX Auditor
jopen
10年前
OSX Auditor是一个免费的Mac OS X计算机取证工具,这个工具显示分析内核扩展、用户下载的文件等等,然后是提取用户的隔离文件、访问历史等等,最后就可以确认文件的可信度。
OS X Auditor parses and hashes the following artifacts on the running system or a copy of a system you want to analyze:
- the kernel extensions
- the system agents and daemons
- the third party's agents and daemons
- the old and deprecated system and third party's startup items
- the users' agents
- the users' downloaded files
- the installed applications
It extracts:
- the users' quarantined files
- the users' Safari history, downloads, topsites, LastSession, HTML5 databases and localstore
- the users' Firefox cookies, downloads, formhistory, permissions, places and signons
- the users' Chrome history and archives history, cookies, login data, top sites, web data, HTML5 databases and local storage
- the users' social and email accounts
- the WiFi access points the audited system has been connected to (and tries to geolocate them)
