Question 1

Is OS X Auditor still being maintained?

Accepted Answer

No, the author has discontinued maintenance and explicitly recommends using Yelp's osxcollector for modern forensic analysis on Mac systems, as stated in the README.

Question 2

How to run OS X Auditor on a live Mac?

Accepted Answer

You must run it as root using sudo, ensure Python 2.7 is installed, and set up dependencies like pyobjc for full plist parsing, as per the installation instructions.

Question 3

OS X Auditor vs osxcollector: which is better?

Accepted Answer

Osxcollector is actively maintained and likely more compatible with newer macOS, while OS X Auditor is deprecated but was known for its comprehensive artifact extraction; for current use, osxcollector is the safer choice.

Question 4

Can OS X Auditor extract data from Google Chrome?

Accepted Answer

Yes, it extracts history, cookies, login data, and more from Chrome artifacts, as specified in the README under the Chrome section, but compatibility with newer Chrome versions is uncertain due to lack of updates.

Question 5

How to generate an HTML report with OS X Auditor?

Accepted Answer

Use the -H flag when running the script, for example 'python osxauditor.py -H log.html', to output forensic results in a readable HTML format, as mentioned in the usage examples.

Question 6

Does OS X Auditor work on macOS Catalina or later?

Accepted Answer

It was last tested on older OS X versions, and since it's unmaintained, compatibility with recent macOS releases like Catalina or Big Sur is not guaranteed and may fail due to system changes.

OSXAuditor

What is OSXAuditor?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions