Skip to content

DOMAINS

Alex Cartwright edited this page Oct 8, 2019 · 2 revisions

The DOMAINS plugin retrieves information about ActiveDirectory Domain(s) that this Mac is connected to, from the file, the path, "*/Library/Preferences/OpenDirectory/Configurations/Active Directory/". The output of running this plugin is the "Domain_ActiveDirectory" file with Active Directory Domain information, in addition to an "Export" folder containing plists of User and Domain information. If the "/Active Directory" folder does not exist, the plugin does not output the "Domain_ActiveDirectory" file nor the "DOMAIN" plists.

This plugin supports standalone mode.

Sample Usage

$ python mac-apt.py -x -o ~/Case_Output E01 ~/Acquisition.E01 DOMAINS

Output

Field Name Notes
node name Name/Directory of the Domain
trustaccount
trustkerberosprincipal
trusttype
allow multi-domain
cache last user logon
domain
forest
trust domain
source Source file from which the Active Directory information was retrieved

DOMAINS

Getting Started

Plugins

Development

  • Write a Plugin
  • Plugin Helpers
Clone this wiki locally