WithSecureLabs / chainsaw

Rapidly Search and Hunt through Windows Forensic Artefacts
GNU General Public License v3.0

Support for Mac artefact filetypes #175

Open owentl opened 2 months ago

owentl commented 2 months ago

I appreciate that chainsaw was written to support evtx files, but is there any way to also support Mac logs too? Or has anyone ever run across a tool like chainsaw for Mac?

alexkornitzer commented 2 months ago

There is nothing preventing Chainsaw from supporting Mac logs; it is just that no one has added the file parsers to Chainsaw to handle them. Currently Chainsaw supports:

To handle Mac artefacts, it would probably need parsers for plist, bplist, sqlite and unifiedlogs, depending on what Mac artefacts are to be consumed.
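An added illustration, not part of the comment above and not Chainsaw code: a stand-alone Python sketch (standard library only) of what parsers for three of the formats named there have to produce, turning plist, bplist and SQLite files into dict records that a search or rule engine could consume. The function names and the record layout are assumptions made for this example; unified logs are not handled.

```python
import plistlib
import sqlite3
from contextlib import closing
from datetime import datetime
from pathlib import Path

SQLITE_MAGIC = b"SQLite format 3\x00"  # fixed 16-byte SQLite file header

def jsonable(value):
    """Convert plist/SQLite values into JSON-friendly types."""
    if isinstance(value, dict):
        return {str(k): jsonable(v) for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [jsonable(v) for v in value]
    if isinstance(value, (bytes, bytearray)):
        return bytes(value).hex()
    if isinstance(value, datetime):
        return value.isoformat()
    if isinstance(value, plistlib.UID):  # NSKeyedArchiver object references
        return value.data
    return value

def detect_kind(head: bytes) -> str:
    """Classify a file from its first bytes rather than its extension."""
    if head.startswith(SQLITE_MAGIC):
        return "sqlite"
    if head.startswith(b"bplist"):
        return "bplist"
    if b"<plist" in head or b"<!DOCTYPE plist" in head:
        return "plist"
    return "unknown"  # e.g. unified log .tracev3 files, not handled here

def load_records(path):
    """Return a list of dict records for one plist, bplist or SQLite file."""
    path = Path(path)
    with path.open("rb") as fh:
        kind = detect_kind(fh.read(512))
    if kind in ("plist", "bplist"):
        doc = plistlib.loads(path.read_bytes())  # parses XML and binary plists
        return [{"kind": kind, "source": path.name, "data": jsonable(doc)}]
    if kind == "sqlite":
        uri = path.resolve().as_uri() + "?mode=ro"  # open the evidence file read-only
        with closing(sqlite3.connect(uri, uri=True)) as con:
            con.row_factory = sqlite3.Row
            tables = [r[0] for r in con.execute("SELECT name FROM sqlite_master WHERE type='table'")]
            return [{"kind": kind, "source": path.name, "table": t, "data": jsonable(dict(row))}
                    for t in tables
                    for row in con.execute('SELECT * FROM "%s"' % t.replace('"', '""'))]
    raise ValueError(f"unsupported artefact type: {path.name}")
```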

alexkornitzer commented 2 months ago

^ Ignore the above commit, I linked the wrong issue.