Logs Unite: Forensic Analysis of Apple Unified Logs
Sarah Edwards (PDF via Howard Oakley). Of particular note, regarding Console:
If reviewing on live system
- Will only show new new events since Console.app opened.
- Will show messages on disk & in memory (‘Volatile’ column).
Previously: Sierra Logging Spew, Sierra Log Littering.
1 Comment RSS · Twitter
September 25, 2017 3:05 PM
[…] Logs Unite: Forensic Analysis of Apple Unified Logs, macOS 10.12.4 Locks Console Log Away From Normal […]
