macOS Artifact Parsing Tool (mac_apt)

Forensics & Incident Response

A Python‑based DFIR framework for parsing macOS and iOS artifacts from disk images, live systems, backups, and various collection formats.

Track releases GitHub Website

Python Latest v1.29.0 · 3mo ago Security brief →

Features

Cross‑platform operation without pyobjc dependencies
Supports multiple input formats (E01, VMDK, AFF4, DMG, SPARSEIMAGE, split DD, Velociraptor collections, etc.)
Exports artifacts in XLSX, CSV, TSV, JSONL and SQLite for downstream analysis

Security Response History

1 CVE

CVE	Severity	Disclosed	Patched (this tool)	vs Ecosystem Median
CVE-2023-4863 KEV	high CVSS 8.8	2023-09-13	2026-01-14	2y 4mo / median 2y 4mo

Recent releases

View all 2 releases →

v1.29.0 New feature 3mo

Notable features

UAC collections support
Typedstream iMessage parsing
Big Sur APFS fixes

View release on GitHub

v1.28.11 Bug fix 4mo

macOS forensics tool receives bug fixes and performance optimizations with improved exception handling for slightly corrupted disk images.

View release on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Releases

View all →

Releases per month

Cadence 0.0 / wk

Last release 112d

Tracked 2

Security

Full profile →

Security score 2.2/10

OpenSSF 1.2/10

Open CVEs 0

KEV exposure 0

SBOM Active maintainer

Community

GitHub stars 1,042

Forks 125

Open issues 9

Open PRs 0

Stars/wk velocity 0.0

About

Stars

1,042

Forks

125

Languages

Python Kaitai Struct Shell

View on GitHub Homepage

Install & Platforms

Platforms

macos linux windows arm64

Similar tools

munki

arvindand/maven-tools-mcp

An open source tool for generating macOS app icons with AI

StacklokLabs/osv-mcp