DOMAINS
Alex Cartwright edited this page Oct 8, 2019 · 2 revisions
The DOMAINS plugin retrieves information about the Active Directory domain(s) that this Mac is connected to, reading it from the path "*/Library/Preferences/OpenDirectory/Configurations/Active Directory/". Running the plugin produces the "Domain_ActiveDirectory" file with Active Directory domain information, plus an "Export" folder containing plists of User and Domain information. If the "/Active Directory" folder does not exist, the plugin outputs neither the "Domain_ActiveDirectory" file nor the "DOMAIN" plists.
This plugin supports standalone mode.
```
$ python mac-apt.py -x -o ~/Case_Output E01 ~/Acquisition.E01 DOMAINS
```
Field Name | Notes |
---|---|
node name | Name/Directory of the Domain |
trustaccount | |
trustkerberosprincipal | |
trusttype | |
allow multi-domain | |
cache last user logon | |
domain | |
forest | |
trust domain | |
source | Source file from which the Active Directory information was retrieved |
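
The following is an added example, not mac_apt's plugin code: it reads every plist under the Active Directory configuration folder of a mounted image root and gathers the fields listed in the table, returning nothing when the folder is absent. It assumes the field names are plist key names that may sit at any nesting depth; `read_domains`, `collect`, `demo` and the sample plist contents are hypothetical.

```python
import plistlib
import tempfile
from pathlib import Path

# Field names from the table above; assumed here to be plist key names.
FIELDS = ("node name", "trustaccount", "trustkerberosprincipal", "trusttype",
          "allow multi-domain", "cache last user logon", "domain", "forest",
          "trust domain")
AD_DIR = Path("Library/Preferences/OpenDirectory/Configurations/Active Directory")

def collect(node, row):
    """Walk a parsed plist and copy the first scalar value seen for each field."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key in FIELDS and not isinstance(value, (dict, list)):
                row.setdefault(key, value)
            else:
                collect(value, row)
    elif isinstance(node, list):
        for item in node:
            collect(item, row)

def read_domains(root):
    """Return one row per plist; an empty list if the folder is absent."""
    folder = Path(root) / AD_DIR
    if not folder.is_dir():
        return []
    rows = []
    for path in sorted(folder.glob("*.plist")):
        try:
            data = plistlib.loads(path.read_bytes())
        except Exception:
            continue  # unreadable or corrupt plist: skip it, keep the rest
        row = {"source": str(path)}  # record where each row came from
        collect(data, row)
        rows.append(row)
    return rows

def demo():
    """Parse a constructed plist under a temp root, then a root without the folder."""
    with tempfile.TemporaryDirectory() as root:
        folder = Path(root) / AD_DIR
        folder.mkdir(parents=True)
        sample = {"node name": "/Active Directory/EXAMPLE",  # constructed values
                  "trustaccount": "mac01$",
                  "module options": {"ActiveDirectory": {
                      "domain": "example.test", "forest": "example.test",
                      "allow multi-domain": True}}}
        (folder / "EXAMPLE.plist").write_bytes(plistlib.dumps(sample))
        return read_domains(root), read_domains(Path(root) / "missing")
```

Fields missing from a plist are simply absent from its row, which keeps "not configured" distinguishable from an empty value during review.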