Plist files in the MAC world are the equivalent to, or as
close as you are going to get to registry files on Windows Systems. They contain system settings, application preferences,
deleted user accounts and much much more.
These files come in two formats, Binary and XML.
Plist files, IMO tend to be in various places all over the
file system. For example, plist files
specific to the user may be under the /User/*Username*/Preference folder, and
plist files for the system will be under /System/Library.
During MAC exams, I feel like I am running around looking
for all these crazy files (which is tough to do if you have heels on). Additionally, for each exam there are a
standard set of plist files I need to gather, such as OS Version, Time
Zone, Deleted Accounts etc. I may also spend
a significant amount of time researching and locating plist files for specific applications
and wanted a way to document and share this information.
Anytime something becomes repetitive, it’s a good chance to
write a script or develop a tool to automate the process. A perfect example of this is RegRipper. It parses the registry for common (and even
uncommon) keys, and gives the community an easy way to add plugins for additional registry keys.
So, using RegRipper as source of inspiration, I set out to develop a tool that accomplishes an automated way to parse plist files. I am
almost done developing it and in the testing phase. The tool runs on Windows with a GUI, and
requires the MAC image to be mounted . Adding
your own plist file to parse
is relatively simple - an entry in an XML file
that specifies the location of the plist file such as /System/Library/CoreServices/SystemVersion.plist and a description.
I will be adding in all the plist list files listed under the OS X 10.7 artifacts on the appleexaminer.com website which should be a good running start.
I am almost done. I figured once I blogged about it, it would commit me to putting the finishing
touches on and wrap it up. If you have a clever name for it, let me know. All I have manged to come up with is iParse (ha ha).
If your interested, check back next week and it should be done. [Edit - the tool is now available, please see this post or download here]
Pretty awesome, Maria!
ReplyDeleteI think RegRipper totally spoiled me. I miss it during my MAC exams....
ReplyDeleteThis looks cool! I like the idea of customizing the XML file to add specific plist files. Looking forward to trying this out...
ReplyDeleteLooks like a great tool and the name iParse sounds perfect! ;)
ReplyDelete