Bash wrapper scripts for running DFIR tools on macOS through the Live Response feature of Microsoft Defender for Endpoint (MDE).
- Upload the tool to be executed on the investigated host to the MDE Live-Response library.
- Upload the Bash script wrapper to the MDE Live-Response library.
- Create a Live-Response session into the desired host to be investigated.
- Copy the tool file from the MDE library to the host.
- Run the Bash script wrapper.
Warning
Sometimes the tool package needs to be modified beforehand because of Microsoft limitations on file size or other factors.