What's Changed
- Added support for reading Velociraptor created zip file collections (collected using the
MacOS.Search.FileFindermodule) - Added support for new Notification DB path in macOS 15 by @mnrkbys in #119
- Added feature to specify plugins not to be run by @mnrkbys in #113
- Add JSONL output type
- New plugin - CALLHISTORY
- New plugin - CRASHREPORTER
- New plugin - WIFI_INTELLIGENCE - Details
- Add CoreSimulator file system events to FSEVENTS plugin
- Significant update to BTM parsing in AUTOSTART plugin - Details
- Fetch additional window titles from decrypting data.data and add Dock saved info to SAVEDSTATE plugin
- Added
Identifierfield, fix other minor issues with NOTIFICATIONS plugin - Parse new screentime strings files
- Update APFS parsing - changed the way an item was classified as file or folder or symlink
- Minor bugfixes and latest macOS compatibility for SCREENSHARING, MSRDC, SPOTLIGHT and QUICKLOOK plugins
- Removed mac_apt_mounted_sys_data.py as it was unused. This was only a temporary measure for macOS 10.15
Full Changelog: v1.7.5-dev...v1.13.6
Contributors
mnrkbys