Category Archives: analysis

There are many output styles options for the ‘log’ command. Sometimes the default output may not get you what you want. This article will walk through the various log output styles looking for USB Mass Storage Class devices using the keyword ‘USBMSC ‘…. Continue reading Analysis of Apple Unified Logs: Quarantine Edition [Entry 7] – Exploring USBMSC devices with –style→

I’m sure many of us are working remote right now possibly using some of these remote capabilities. Remote Logins can include a few different services; SSH and Screen Sharing are two that I’ll show here. These services are disabled by default and w… Continue reading Analysis of Apple Unified Logs: Quarantine Edition [Entry 6] – Working From Home? Remote Logins→

Local logins are created when an already logged in user opens a Terminal window. Each terminal window is a separate ‘login’ process. If you have six Terminal windows (or tabs) open, you have six ‘login’ processes.

… Continue reading Analysis of Apple Unified Logs: Quarantine Edition [Entry 5] – Login Inception!? Yes! – Local Logins!→

No one can find flour or yeast anyway! 😆This week is all about system login… Continue reading Analysis of Apple Unified Logs: Quarantine Edition [Entry 4] – It’s Login Week!→

While I’ve been researching various queries with these unified logs, I’ve noticed some peculiar but forensically useful entries. I have found many of these entries to be created when I’m browsing directories via Finder. However, they don’t appear to be… Continue reading Analysis of Apple Unified Logs: Quarantine Edition [Entry 3] – Playing in the Sandbox, Enumerating Files and Directories→

The first item in the Unified Logs we will take a look at is a relatively s… Continue reading Analysis of Apple Unified Logs: Quarantine Edition [Entry 2] – sudo make me a sandwich→