-
Notifications
You must be signed in to change notification settings - Fork 103
Installation
The following platforms have been tested - Windows, Linux & macOS.
This page is old and only applicable for the python2.7 version of mac_apt (ver 0.3 or below). This does not work for newer versions. Refer the new guide here.
Standalone compiled binaries are available for Windows and macOS here, this guide is only for running mac_apt from source code.
Download and run pytsk installer from: https://github.com/log2timeline/l2tbinaries/tree/master/win32
The file will be named pytsk3-xxxx.win32-py2.7.msi.
Download and run pyewf installer from here.
pip install biplist tzlocal construct==2.8.10 xlsxwriter enum34 kaitaistruct pkipplib lz4
Copy lzfse.pyd found in the /lzfse_dll folder of this project into your Python27\Lib\site-packages folder. This is a pre-compiled 32 bit dll used to decompress lzvn/lzfse compressed files on HFS+/APFS. If you wish to compile this yourself, get the source from Pylzfse.
The lzfse dll has a VC++ dll dependency, so you will need to download and install Microsoft Visual C++ 2013 Redistributable package.
Update your package manager first using sudo apt-get update
Install pip using sudo apt-get install python-pip
sudo apt-get install git python-dev
git clone --recursive https://github.com/ydkhatri/pylzfse
cd pylzfse
python setup.py build
sudo python setup.py install
Install pytsk3 version 20170802, the later versions are not fully tested and known to have issues with mac_apt.
sudo pip install pytsk3==20170802
Install zlib and bzip2 for pyewf
sudo apt-get install libbz2-dev zlib1g-dev
Download libewf-20140802.tar.gz from https://github.com/libyal/libewf-legacy/releases
Unzip and compile:
./configure --enable-python
make
sudo make install
sudo ldconfig
sudo pip install biplist tzlocal construct==2.8.10 xlsxwriter enum34 kaitaistruct pkipplib lz4
There is an automated install script that will download and install mac_apt and all dependencies. If you wish to use that, download mac_aptInstall-macOS-v15.sh from here, then run as ./mac_aptInstall-macOS-v15.sh
Install Homebrew. You will need this to install the other components.
macOS already ships with python 2.7, however it does not come with pip or python dev libraries. It is not recommended to try to alter the installed python framework or upgrade any of the installed packages. There is also the fact that many of these packages are under System Integrity Protection and macOS will not let you alter them! So we install another instance of python using brew, this will automatically get pip and python-devel. Let's also install git with brew.
brew install python2 git
In order to avoid confusion about python libraries, we will lock down our environment using virtualenv. This way any dependencies we install/upgrade/remove will only affect that instance and nothing else. This will avoid hours of frustration later!
sudo pip2 install --upgrade virtualenv
Now go to the extracted mac_apt (source code) folder, from here create the virtual environment, we just call it 'env' here.
cd mac_apt
virtualenv --python python2 env
Now activate 'env' with command:
source env/bin/activate
Your environment is setup and ready for use. When you are done with the rest of the installation and need to go back to the regular shell, type deactivate. Run all the commands below in this activated shell only.
git clone --recursive https://github.com/ydkhatri/pylzfse
cd pylzfse
python setup.py build
python setup.py install
Install pytsk3 version 20170802, the later versions are not fully tested and known to have issues with mac_apt.
pip install pytsk3==20170802
You should not need 'sudo' here, as its only writing to our custom environment.
Download libewf-20140802.tar.gz from https://github.com/libyal/libewf-legacy/releases
Unzip and compile:
./configure --enable-python --with-pyprefix
make
sudo make install
pip install biplist tzlocal construct==2.8.10 xlsxwriter enum34 kaitaistruct pkipplib lz4
Now that all dependencies are installed, you can run python mac_apt.py -h to run the script (-h shows you available options). You can deactivate the virtualenv when done.
Note: Every time you need to run the script you have to open a terminal and activate the virtualenv as shown above
On Windows, if you have an old installation of Python2.7, you may not have the latest sqlite library. It is recommended to update your version of sqlite3.dll to the latest one, go to: https://sqlite.org/download.html. Download and copy the sqlite3.dll file to the DLLs folder inside your python installation folder. Replace the old file with new one.
If you get an error regarding enum (‘No module named enum’ or ‘cannot import name IntEnum’), then run the following-
For Linux:
sudo pip install --upgrade enum34
For Windows:
pip install --upgrade enum34
Getting Started
- Introduction
- Installation
-
Sample Usage
- ios_apt
- Artifact Only Mode
- Mounted System Data Mode
- Interpreting Output
- Issues & Workarounds
Plugins
- AUTOSTART
- BASICINFO
- BLUETOOTH
- DOMAINS
- FSEVENTS
- IDEVICEBACKUPS
- IDEVICEINFO
- IMESSAGE
- INETACCOUNTS
- INSTALLHISTORY
- MSOFFICE
- NETUSAGE
- NETWORKING
- NOTES
- NOTIFICATIONS
- PRINTJOBS
- QUARANTINE
- RECENTITEMS
- SAFARI
- SCREENTIME
- SPOTLIGHT
- SPOTLIGHTSHORTCUTS
- TERMINALSTATE
- TERMSESSIONS
- UNIFIEDLOGS
- USERS
- WIFI
Development
- Write a Plugin
- Plugin Helpers