Collaborate Disseminate
Local logins are created when an already logged in user opens a Terminal window. Each terminal window is a separate ‘login’ process. If you have six Terminal windows (or tabs) open, you have six ‘login’ processes.
No one can find flour or yeast anyway! 😆This week is all about system login… Continue reading Analysis of Apple Unified Logs: Quarantine Edition [Entry 4] – It’s Login Week!
While I’ve been researching various queries with these unified logs, I’ve noticed some peculiar but forensically useful entries. I have found many of these entries to be created when I’m browsing directories via Finder. However, they don’t appear to be… Continue reading Analysis of Apple Unified Logs: Quarantine Edition [Entry 3] – Playing in the Sandbox, Enumerating Files and Directories
The first item in the Unified Logs we will take a look at is a relatively s… Continue reading Analysis of Apple Unified Logs: Quarantine Edition [Entry 2] – sudo make me a sandwich
Apple introduce Unified Logging many years ago in 10.12 and has constantly been changing it since its introduction. My main problem is usually using the ‘log’ utility. It has changed over time and those changes are not documented nor is the current doc… Continue reading Analysis of Apple Unified Log: Quarantine Edition [Entry 1] – Converting Log Archive Files on 10.15 (Catalina)
I’ve decided to spend some time revisiting analysis of Unified Logs as blog series during this quarantine. It is the perfect topic to make bite sized and I can make it as long or as short as Coronavirus deems it so.I’m planning of doing smaller blogs a… Continue reading Introducing ‘Analysis of Apple Unified Logs: Quarantine Edition’ [Entry 0]
This was presented yesterday at Objective by the Sea 3.0 in beautiful Maui. Official macOS support and modules are coming to APOLLO!Slides and video are available here. I hope to update the APOLLO GitHub with updated script/modules next week. I’ll be s… Continue reading New Presentation – Exploring macOS with APOLLO from #OBTS 3.0
I wrote a blog for BlackBag Tech on the not so secret secrets that could be stored in secure notes using the Notes application on macOS and iOS. Note snippets, location data, and media attachment metadata can all be there for the taking! You can read t… Continue reading macOS & iOS “Secure” Notes – I Can See Your Secrets, No Brute Forcing Required!
With the APOLLO v1.0 update, I updated many of the Application Activity modules used with the knowledgeC.db database. I mentioned in this article that these were updated to provide more context to specific user application activities. One col… Continue reading Providing Context to iOS App Usage with knowledgeC.db and APOLLO
I spent this weekend updating and sprucing up APOLLO for its v1.0 release. It took far longer than anticipated, mostly because I’ve added quite a few new modules. It also takes a while to go through every SQL query module updating it to iOS 13. Databas… Continue reading New Year New APOLLO – Officially out of Beta iOS 13 Module Updates!