OSXRipper

OSXRipper is a tool to gather system and user information from OSX file systems. Currently it is supporting OSX versions 10.6 - 10.15 (Snow Leopard to Catalina).

Alternatives to OSXRipper

Apple Pattern of Life Lazy Output'er (APOLLO)

• https://github.com/mac4n6/APOLLO
  

MAC APT

• https://github.com/ydkhatri/mac_apt
  

OSX Auditor

• https://github.com/jipegit/OSXAuditor
  

iParser

• http://az4n6.blogspot.co.uk/2012/08/automated-plist-parser.html
  
• https://github.com/mdegrazia/iParser

Mac Plist Ripper

• https://bitbucket.org/chrishargreaves/mac_plist_ripper

If anyone knows of alternatives I would be more than happy to add them here.

Uses the CCL Forensics BPlist parser

https://github.com/cclgroupltd/ccl-bplist

Prereqs
Assumes at least Python 3.4.3 is installed

Usage

python3 osxripper.py --help

Options
-h, --help Show help message and exit
-i DIRECTORY, --input=DIRECTORY input directory
-o DIRECTORY, --output=DIRECTORY output directory
-l, --list List the available plugins
-s, --summary Run Summary plugin only

Notes
N.B. if run on Linux and OSX systems user may have to escalate privileges to root
N.B. the output directory must exist

On OSX:
sudo python3 osxripper.py -i /Volumes/my_mounted_volume -o /Users/username/Desktop/my_analysis

On Linux:
sudo python3 osxripper.py -i /mnt/hfs_mount -o /home/username/my_analysis
N.B. if kpartx used to mount the image the input path may be /media/...

On Windows:
python.exe osxripper.py -i X:\extracted_files_root -o C:\Users\username\Desktop\my_analysis

Plugin Development Guide

Check the Wiki page for getting started with plugin development or make use of existing plugins under plugins/osx