Yelp / osxcollector

A forensic evidence collection & analysis toolkit for OS X
http://yelp.github.io/osxcollector

VirusTotal Integration #163

Open DFIR-Zach opened 6 years ago

DFIR-Zach commented 6 years ago

I just now see that you forked off of OSXAuditor. They had a feature to compare file reputations against Team Cymru's MHR, VirusTotal, or your own local database. Is this feature in osxcollector, or is it intended to be brought into the tool? Right now we are manually checking the MD5s pulled from the osxcollector JSON file in external sources.

We are trying to use this application to compare a Mac machine using before and after snapshots of osxcollector to try to see if there was a compromise by using the delta data. If anyone has any thoughts on how we could better utilize this tool for our use case it would be GREATLY appreciated. Thanks!
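One way to automate the workflow described in the comment above, as an added example that is not part of osxcollector or of this thread: parse two osxcollector JSON Lines snapshots, compute the before/after delta of file hashes, and check only the new or changed MD5s against a reputation source. The record field names used (osxcollector_section, file_path, md5) are assumed to match osxcollector's output layout; the two snapshots and the local reputation table are constructed for the example, and the lookup is a local dict standing in for Team Cymru's MHR, VirusTotal, or an internal known-bad list rather than a live query.

```python
import json
from typing import Callable, Dict, Iterable, List, Optional, Set

# Constructed sample snapshots, not real osxcollector output. osxcollector
# writes one JSON object per line (JSON Lines); the field names used here
# (osxcollector_section, file_path, md5) are assumed to match that layout.
# Every hash below is made up.
BEFORE_SNAPSHOT = """\
{"osxcollector_section": "startup", "file_path": "/Library/LaunchDaemons/com.example.agent.plist", "md5": "0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f"}
{"osxcollector_section": "kext", "file_path": "/Library/Extensions/Example.kext/Contents/MacOS/Example", "md5": "1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a"}
{"osxcollector_section": "applications", "file_path": "/Applications/Utility.app/Contents/MacOS/Utility", "md5": "2b2b2b2b2b2b2b2b2b2b2b2b2b2b2b2b"}
{"osxcollector_section": "system_info", "hostname": "mac-01"}
"""

# Between the snapshots: Utility.app was removed, the kext binary changed,
# and a new LaunchAgent appeared. Hash case varies on purpose.
AFTER_SNAPSHOT = """\
{"osxcollector_section": "startup", "file_path": "/Library/LaunchDaemons/com.example.agent.plist", "md5": "0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f"}
{"osxcollector_section": "kext", "file_path": "/Library/Extensions/Example.kext/Contents/MacOS/Example", "md5": "DEADBEEFDEADBEEFDEADBEEFDEADBEEF"}
{"osxcollector_section": "startup", "file_path": "/Library/LaunchAgents/com.example.updater.plist", "md5": "3c3c3c3c3c3c3c3c3c3c3c3c3c3c3c3c"}
{"osxcollector_section": "system_info", "hostname": "mac-01"}
"""

# Constructed local reputation table (md5 -> verdict). A VirusTotal or
# Team Cymru MHR client exposing the same md5 -> verdict-or-None shape can
# be passed to check_reputation() in its place.
LOCAL_REPUTATION: Dict[str, str] = {
    "deadbeefdeadbeefdeadbeefdeadbeef": "malicious",
    "3c3c3c3c3c3c3c3c3c3c3c3c3c3c3c3c": "suspicious",
}


def iter_records(jsonl_text: str) -> Iterable[dict]:
    """Yield one dict per JSON line, skipping blank or unparseable lines."""
    for line in jsonl_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue


def hashes_by_path(jsonl_text: str) -> Dict[str, str]:
    """Map file_path -> lowercase md5 for every record carrying both fields."""
    out: Dict[str, str] = {}
    for rec in iter_records(jsonl_text):
        path, md5 = rec.get("file_path"), rec.get("md5")
        if isinstance(path, str) and isinstance(md5, str):
            out[path] = md5.lower()  # normalise case so lookups match
    return out


def snapshot_delta(before_text: str, after_text: str) -> Dict[str, List[str]]:
    """Paths added, removed, or whose md5 changed between two snapshots."""
    before, after = hashes_by_path(before_text), hashes_by_path(after_text)
    common = set(before) & set(after)
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "changed": sorted(p for p in common if before[p] != after[p]),
    }


def delta_hashes(before_text: str, after_text: str) -> Set[str]:
    """md5s that are new in the after snapshot: the only ones worth looking up."""
    after = hashes_by_path(after_text)
    delta = snapshot_delta(before_text, after_text)
    return {after[p] for p in delta["added"] + delta["changed"]}


def check_reputation(
    md5s: Iterable[str],
    lookup: Callable[[str], Optional[str]] = LOCAL_REPUTATION.get,
) -> Dict[str, str]:
    """md5 -> verdict for hashes the source knows. Unknown hashes are omitted,
    not reported as clean: absence from a reputation feed is not a verdict."""
    hits: Dict[str, str] = {}
    for md5 in sorted(set(md5s)):
        verdict = lookup(md5.lower())
        if verdict is not None:
            hits[md5.lower()] = verdict
    return hits


def triage(before_text: str, after_text: str) -> List[dict]:
    """Full pipeline: delta -> new hashes -> reputation hits, with paths attached."""
    after = hashes_by_path(after_text)
    delta = snapshot_delta(before_text, after_text)
    hits = check_reputation(delta_hashes(before_text, after_text))
    return [
        {"file_path": p, "md5": after[p], "verdict": hits[after[p]]}
        for p in delta["added"] + delta["changed"]
        if after[p] in hits
    ]


if __name__ == "__main__":
    for finding in triage(BEFORE_SNAPSHOT, AFTER_SNAPSHOT):
        print(finding)
```

Looking up only the delta keeps the query volume small (relevant for rate-limited services) and focuses analyst time on what actually changed. Two caveats: a legitimate software update also changes hashes, so the delta is a triage filter rather than a verdict, and a hash that no feed recognises tells you nothing about the file, which is why unknown hashes are left out of the result instead of being labelled clean.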

siftuser commented 5 years ago

Interesting thought... were you able to accomplish this?