
Mac OS X System Logs


Author Name
Pasquale Stirparo, @pstirparo
Submission Title
Mac OS X System Logs
Artifact Description
Num. 1 is the main folder containing the system logs.

Num. 2 contains Apple System Log (ASL) files. File names follow the format YYYY.MM.DD.[UID].[GID].asl.

Num. 4 contains the install date of the system, as well as the dates of system and software updates.
File Locations
1) System Log files main folder
– /var/log/*


2) Apple System Log
– /var/log/asl/*


3) Audit Log
– /var/audit/*


4) Installation log
– /var/log/install.log
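
The ASL file-name format given above can be used to triage a collected listing of /var/log/asl/: which days are covered, for which UID/GID, and which names do not fit. The Python below is an added example, not code from the original submission or the mac4n6 project; it assumes the optional UID and GID parts are written as `U<number>` and `G<number>`, and the function names and sample listing are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import date, timedelta

# Assumption: the optional [UID] and [GID] parts appear as "U<number>" and
# "G<number>", e.g. 2014.03.01.U0.G80.asl. The page only gives the template.
ASL_NAME = re.compile(
    r"^(?P<y>\d{4})\.(?P<m>\d{2})\.(?P<d>\d{2})"
    r"(?:\.U(?P<uid>\d+))?(?:\.G(?P<gid>\d+))?\.asl$"
)

def parse_asl_name(name):
    """Return (date, uid, gid) for an ASL file name, or None if it does not match."""
    m = ASL_NAME.match(name)
    if not m:
        return None
    try:
        day = date(int(m["y"]), int(m["m"]), int(m["d"]))
    except ValueError:  # digits fit the pattern but are not a calendar date
        return None
    uid = int(m["uid"]) if m["uid"] is not None else None
    gid = int(m["gid"]) if m["gid"] is not None else None
    return day, uid, gid

def summarize(names):
    """Group files by day; return (by_day, unparsed names, days with no file)."""
    by_day, skipped = defaultdict(list), []
    for name in names:
        parsed = parse_asl_name(name)
        if parsed is None:
            skipped.append(name)
        else:
            by_day[parsed[0]].append((parsed[1], parsed[2]))
    days = sorted(by_day)
    span = (days[-1] - days[0]).days if days else -1
    candidates = (days[0] + timedelta(n) for n in range(span + 1))
    missing = [d for d in candidates if d not in by_day]
    return dict(by_day), skipped, missing

# Constructed sample listing of /var/log/asl/ (not taken from a real system).
SAMPLE = ["2014.03.01.U0.G80.asl", "2014.03.01.U501.asl", "2014.03.02.G80.asl",
          "2014.03.05.U0.G80.asl", "StoreData", "2014.13.40.asl"]

if __name__ == "__main__":
    by_day, skipped, missing = summarize(SAMPLE)
    for day in sorted(by_day):
        print(day.isoformat(), by_day[day])
    print("not matching the template:", skipped)
    print("days in range without a file:", [d.isoformat() for d in missing])
```

A day without any file is only a lead for the examiner: it should be checked against log retention settings and system uptime before drawing conclusions.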
Research Links
https://github.com/pstirparo/mac4n6


http://forensicswiki.org/wiki/Mac_OS_X_10.9_-_Artifacts_Location


https://docs.google.com/spreadsheets/d/1X2Hu0NE2ptdRj023OVWIGp5dqZOw-CfxHLOW_GNGpX8/edit#gid=4
Any Other Information
These artefacts are collected under the mac4n6 project, which aims to be a single point of collection for OS X artifacts, from where such locations are later shared via:
– yaml library
– ForensicsWiki.org
– ForensicsArtifacts.com
This way the effort is made only once, and the output is reused everywhere.
