Ma2Tl : macOS Forensic Timeline Generator Using The Analysis Result DBs Of Mac_Apt

Ma2Tl is a DFIR tool for generating a macOS forensic timeline from the analysis result DBs of mac_apt.

Requirements
Python 3.7.0 or later
pytz
tzlocal
xlsxwriter

Installation
% git clone https://github.com/mnrkbys/ma2tl.git

Usage
% python ./ma2tl.py -h
usage: ma2tl.py [-h] [-i INPUT] [-o OUTPUT] [-ot OUTPUT_TYPE] [-s START] [-e END] [-t TIMEZONE] [-l LOG_LEVEL] plugin [plugin …]
Forensic timeline …

Autotimeliner : Automagically Extract Forensic Timeline From Volatile Memory Dump

The Autotimeliner tool automagically extracts a forensic timeline from volatile memory dumps.

Requirements
Python 3
Volatility
mactime (from SleuthKit)
(Developed and tested on Debian 9.6 with Volatility 2.6-1 and sleuthkit 4.4.0-5)

How it works
AutoTimeline automates this workflow:
Identifies the correct Volatility profile for the memory image.
Runs the timeliner plugin against the volatile memory dump using Volatility.
Runs the mftparser Volatility plugin, in order to …