OSX Archaeology: Becoming Indiana Jones with OSXCollector and Strata

Chris Henderson (enruhe) & Justin Larson (Phant0mTrav3ler)

Companies with large OSX install bases have historically had little to worry about from malware. That is rapidly changing, and there are few options for forensic analysis on OSX when an infection is suspected. Recently Yelp released an evidence collection and analysis toolkit called OSXCollector to help determine whether a machine is infected, how the malware got onto the system, and how to prevent and detect future infection attempts. OSXCollector is a powerful tool, but it takes a lot of CLI Kung Fu to master. Strata is an open-source tool we've developed and are launching at SAINTCON to provide a quick UI over the information OSXCollector gathers, giving those who are not yet CLI Kung Fu masters rapid insight into the collected data and helping them become a forensic Indiana Jones.