Friday, 7 February 2014

New version of Mac OS X Forensics Framework, Pac4Mac 0.3

Pac4Mac 0.1, published in September 2013, has been updated to a new version, Pac4Mac 0.3, with the following modifications:
  • code review
  • easier to add your own artifacts
  • new artifacts (25 categories in the db/*.db files)
  • new features for forensics (log processing, network and system state), HFS+ (CatalogFile, Mactime, ...) and configuration
  • new mode: LIAM (information leak, persistent reverse shell, live hash brute-forcing, ...)

Screenshots: main interface, Option 1, Option 7, category files.

Pac4Mac (Plug And Check for Mac OS X) is a portable forensics framework (launched from USB storage) that extracts and analyzes session information, highlighting the real risks in terms of information leaks (history, passwords, technical secrets, business secrets, ...). Pac4Mac can be used to check the security of your Mac OS X system or to help you during a forensics investigation.

Pac4Mac is based on the information leaks that I detailed in the section mac-security-tips (not updated; please look at the .db files in the db/ directory) and also on my work detailed in my paper and presentation.

Mindmap Pac4Mac 0.3 features (PDF format)

All features are explained in the readme file: Readme

Pac4Mac source code: here
