Full Path | Description |
---|---|
/var/log/system.log | System-wide log file that contains messages from all processes, including kernel events and system errors. |
/var/log/secure.log | Log file containing authentication and authorization-related events, such as successful and failed login attempts, password changes, and user additions/removals. |
/var/log/wifi.log | Log file documenting wireless network actions, including connections, disconnections, and diagnostic information. |
/Users/username/Library/Preferences/*.plist | Configuration files (property lists) for various applications stored in a user's library folder, containing user preferences and settings. |
/Users/username/Library/Logs/*.log | Application-specific log files that record events and activities for a particular application used by a specific user. |
/Users/username/Library/Safari/History.db | Database file storing the browsing history of the Safari web browser used by a specific user. |
/Users/username/Library/Mail/ | Directory containing email messages, attachments, and configuration files for the Apple Mail application used by a specific user. |
/Users/username/Library/Keychains/ | Directory containing keychain files that store passwords, certificates, and other sensitive information for a specific user. |
/private/var/db/SystemPolicyConfiguration/ | Directory containing securityPlease note that this is not an exhaustive list and there are additional artifacts that can be acquired on macOS for forensic analysis. It is always recommended to consult with a real-life expert and adhere to industry best practices for comprehensive digital forensics procedures. |
Created
July 31, 2023 08:19
-
-
Save Juwon1405/7447a602635f0892e7990d32b78aa57f to your computer and use it in GitHub Desktop.
macOS_major_artifacts
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment