Skip to content

Releases: LETHAL-FORENSICS/macos-collector

macos-collector v1.5.1

16 Mar 05:47
@evild3ad evild3ad
v1.5.1
02729ac

Choose a tag to compare

View all tags
macos-collector v1.5.1 Latest
Latest

[1.5.1] - 2026-03-16

Fixed

  • Minor fixes and improvements
Assets 3
Loading

macos-collector v1.5.0

09 Mar 06:40
@evild3ad evild3ad
v1.5.0
681caa6

Choose a tag to compare

View all tags
macos-collector v1.5.0

[1.5.0] - 2026-03-09

Added

  • TrueTree Snapshot Collection
  • System Info: Microsoft AutoUpdate (MAU)
  • System Info: Collecting MDE Quarantine Files → PW: infected
  • System Info: Collecting MDE Diagnostic Logs
  • System Info: MDE Network Connectivity
  • System Info: Collecting Microsoft Intune Logs
  • System Info: Apple Remote Desktop Artifacts
  • Password-Protected ZIP Files (PKZIP 2.0) → PW: IncidentResponse

Fixed

  • Minor fixes and improvements

01
Fig 1: Help-Message

02
Fig 2: TrueTree Snapshot Collection

Loading

macos-collector v1.4.0

29 Jan 06:57
@evild3ad evild3ad
v1.4.0
aa8870e

Choose a tag to compare

View all tags
macos-collector v1.4.0

[1.4.0] - 2026-01-29

Added

  • System Information Collection
  • Recent Items Collection
  • KnockKnock v4.0.3 (Optional: VirusTotal Lookup)
  • Spotlight Indexing Status (Data Volume)

Fixed

  • Minor fixes and improvements
Loading

macos-collector v1.3.0

07 Dec 13:18
@evild3ad evild3ad
v1.3.0
f9a22b5

Choose a tag to compare

View all tags
macos-collector v1.3.0

[1.3.0] - 2025-12-07

Added

  • Spotlight Database File Collection (incl. Live Searches)
  • BTM Database File Collection

Fixed

  • Minor fixes and improvements

01
Fig 1: Help-Message

02
Fig 2: Spotlight Database File Collection (incl. Live Searches)

03
Fig 3: Spotlight Live Search - CSV Report Creation (mdfind, mdls, xattr and file hash calculation)

04
Fig 4: BTM Database File Collection (Note: There can be multiple databases located on disk.)

Loading

macos-collector v1.2.0

24 Nov 06:41
@evild3ad evild3ad
v1.2.0
511b3d6

Choose a tag to compare

View all tags
macos-collector v1.2.0

[1.2.0] - 2025-11-24

Added

  • Sysdiagnose Logs Collection
  • BTM Dump File Collection (Background Task Management)
  • DSStore: DMG Creation (read-only)
  • FSEvents: DMG Creation (read-only)
  • Triage Mode: Collect ALL supported macOS Forensic Artifacts
  • KnockKnock (Persistence Enumerator by Objective-See)

01
Fig 1: Help-Message

02
Fig 2: DMG Support

03
Fig 3: Mount DMG w/ Arsenal Image Mounter (Step #1)

04
Fig 4: Mount DMG w/ APFS for Windows by Paragon Software (Step #2)

05
Fig 5: Access to write-protected data w/ preserved Apple extended attributes

Loading

macos-collector v1.1.0

17 Nov 06:30
@evild3ad evild3ad
v1.1.0
54d45c4

Choose a tag to compare

View all tags
macos-collector v1.1.0

[1.1.0] - 2025-11-17

Added

  • DSStore File Collection (.DS_Store)
  • Unified Logs Collection

Fixed

  • Minor fixes and improvements

01
Fig 1: Help-Message

02
Fig 2: Collecting DS_Store Files

03
Fig 3: Collecting Unified Logs (AUL)

Loading

macos-collector v1.0.0

30 Oct 05:56
@evild3ad evild3ad
v1.0.0
70aeaab

Choose a tag to compare

View all tags
macos-collector v1.0.0

[1.0.0] - 2025-10-30

Added

  • Aftermath Collection
  • Aftermath Analysis
  • FSEvents Collection

Changed

  • CHANGELOG.md
Loading