Get macfor Pro

Get started

Community vs Pro

Two binaries, one architecture. Pick the right one for the engagement.

What's the same

  • The core orchestrator, evidence container format, and chain-of-custody log.
  • The plugin interface, manifest schema, and source abstraction (live + image).
  • CLI surface and exit codes. macfor and macfor-pro are flag-compatible.

Community (2 plugins)

The open-source macfor binary is meant as a working reference: a small, high-value plugin set that exercises every subsystem (text parsers, SQLite, plist, multi-user collection, the full evidence container).

  • Safari Browserbrowser.safari
  • Shell Historyshell.history

Pro (29 plugins)

macfor-pro bundles every community plugin plus the full investigative collection — messaging apps, system telemetry, forensic deep-dives, and binary-format parsers (LevelDB, SQLCipher, SEGB, JSONLZ4, tracev3, …).

Apple Mail
mail.apple
Pro
Apple Notes
notes.apple
Pro
Bluetooth Devices
devices.bluetooth
Pro
Calendar & Reminders
pim.calendar
Pro
Contacts (AddressBook)
contacts.addressbook
Pro
CoreAnalytics
system.coreanalytics
Pro
Discord
app.discord
Pro
Dropbox
cloudstorage.dropbox
Pro
Evernote
productivity.evernote
Pro
Facebook Messenger Desktop
messaging.fbmessenger
Pro
FaceTime
facetime.apple
Pro
Firefox Browser
browser.firefox
Pro
FSEvents Journal
filesystem.fsevents
Pro
Google Chrome Browser
browser.chrome
Pro
Keychain Metadata
system.keychain
Pro
Messages (iMessage/SMS/RCS)
messages.apple
Pro
Pattern of Life
system.patternoflife
Pro
Persistence Mechanisms
system.persistence
Pro
Quarantine Events
system.quarantine
Pro
Quick Look Thumbnails
system.quicklook
Pro
Screen Time
system.screentime
Pro
Signal Desktop
messaging.signal
Pro
Slack Desktop
communication.slack
Pro
Spotlight Metadata
system.spotlight
Pro
TCC Database
system.tcc
Pro
Telegram Desktop
messaging.telegram
Pro
Unified Logs
system.unifiedlogs
Pro
WhatsApp Desktop
messaging.whatsapp
Pro
WiFi Known Networks
network.wifi
Pro

Picking a binary

  • Triage / IR scoping. Either works. Community is enough if you only need shell history and Safari context.
  • Full investigation. Pro. You will want messaging (Signal, Messages, WhatsApp, Telegram, Slack, Discord), TCC, persistence, FSEvents, Unified Logs, and pattern-of-life.
  • Air-gapped enterprise. Pro. License activation supports offline mode; contact macfor.io for procurement.

Pricing and licensing live on macfor.io/pricing.