Monday, April 3, 2017 [Tweets] [Favorites]

Logs Unite: Forensic Analysis of Apple Unified Logs

Sarah Edwards (PDF via Howard Oakley). Of particular note, regarding Console:

If reviewing on live system

  • Will only show new new events since Console.app opened.
  • Will show messages on disk & in memory (‘Volatile’ column).

Previously: Sierra Logging Spew, Sierra Log Littering.

Comments

Stay up-to-date by subscribing to the Comments RSS Feed for this post.

Leave a Comment