Monday, April 3, 2017

Logs Unite: Forensic Analysis of Apple Unified Logs

Sarah Edwards (PDF via Howard Oakley). Of particular note, regarding Console:

If reviewing on live system

  • Will only show new new events since Console.app opened.
  • Will show messages on disk & in memory (‘Volatile’ column).

Previously: Sierra Logging Spew, Sierra Log Littering.

1 Comment RSS · Twitter


[…] Logs Unite: Forensic Analysis of Apple Unified Logs, macOS 10.12.4 Locks Console Log Away From Normal […]

Leave a Comment