Question 1

How to analyze OSXCollector output for malware?

Accepted Answer

Use the companion OSXCollector Output Filters project to automate analysis, or manually grep the JSON file for timestamps and suspicious entries. The README suggests tools like jq for querying browser history and user-specific data.

Question 2

OSXCollector vs osquery for macOS forensics?

Accepted Answer

OSXCollector is a one-time forensic collection tool focused on evidence gathering for incidents, while osquery provides continuous SQL-based monitoring. OSXCollector is better for deep-dive investigations, but osquery excels in real-time system introspection.

Question 3

Does OSXCollector work on latest macOS versions like Sonoma?

Accepted Answer

It should work, but the README warns about Python version compatibility. Since it relies on system Python and native bindings, updates to macOS might break functionality, so testing on newer versions is recommended.

Question 4

Can OSXCollector collect browser cookies and local storage data?

Accepted Answer

Yes, but by default it excludes cookies and local storage values due to sensitivity. Use the '-c' and '-l' flags to enable collection, though this may capture personal information.

Question 5

Is OSXCollector still actively maintained by Yelp?

Accepted Answer

The project has historical updates and presentations, but recent activity is limited. Check GitHub for commit history; reliance on older Python versions might indicate reduced maintenance for modern macOS releases.

Question 6

How to customize OSXCollector to only collect specific user data?

Accepted Answer

Use the '-s' flag to select sections like 'accounts' or browser subsections, and specify paths with '-p'. The JSON output includes 'osxcollector_username' keys to filter by user in analysis.

OSXCollector

What is OSXCollector?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions