2015 - Kuba Sendor - Squashing Rotten Apples: Automated forensics & analysis for Mac OS X


OSXCollector (https://github.com/Yelp/osxcollector) is an open source forensic evidence collection and analysis toolkit for Mac OS X. It automates the evidence collection and analysis that Yelp's incident responders previously performed by hand.

We use Macs a lot at Yelp, which means that we see our fair share of Mac-specific malware alerts. Host-based detectors like antivirus software tell us about known malware infestations or odd new startup items. Network-based detectors see potential CnC callouts or DNS requests to resolve suspicious domains. Sometimes our awesome employees just let us know, "Hey, I think I have like Stuxnet or Conficker or something on my laptop."

When alerts fire, our incident response team's first goal is to "stop the bleeding" – to contain and then eradicate the threat. Next, we move to "root-cause the alert" – figuring out exactly what happened and how we'll prevent it in the future. One of our primary tools for root-causing OS X alerts is OSXCollector. It was developed in-house at Yelp to automate digital forensics and incident response (DFIR), based on our past experience dealing with the malware infections and other threats haunting Yelp's corporate network.
