Monday, April 3, 2017

Logs Unite: Forensic Analysis of Apple Unified Logs

Sarah Edwards (PDF via Howard Oakley). Of particular note, regarding Console:

If reviewing on live system

  • Will only show new events since Console.app opened.
  • Will show messages on disk & in memory (‘Volatile’ column).

Previously: Sierra Logging Spew, Sierra Log Littering.

1 Comment

[…] Logs Unite: Forensic Analysis of Apple Unified Logs, macOS 10.12.4 Locks Console Log Away From Normal […]
