@Juwon1405
Created July 31, 2023 08:19
macOS_major_artifacts
Full Path                                    Description
/var/log/system.log                          System-wide log file that contains messages from all processes, including kernel events and system errors.
/var/log/secure.log                          Log file containing authentication and authorization-related events, such as successful and failed login attempts, password changes, and user additions/removals.
/var/log/wifi.log                            Log file documenting wireless network actions, including connections, disconnections, and diagnostic information.
/Users/username/Library/Preferences/*.plist  Configuration files (property lists) for various applications stored in a user's library folder, containing user preferences and settings.
/Users/username/Library/Logs/*.log           Application-specific log files that record events and activities for a particular application used by a specific user.
/Users/username/Library/Safari/History.db    Database file storing the browsing history of the Safari web browser used by a specific user.
/Users/username/Library/Mail/                Directory containing email messages, attachments, and configuration files for the Apple Mail application used by a specific user.
/Users/username/Library/Keychains/           Directory containing keychain files that store passwords, certificates, and other sensitive information for a specific user.
/private/var/db/SystemPolicyConfiguration/   Directory containing security

Please note that this is not an exhaustive list and there are additional artifacts that can be acquired on macOS for forensic analysis. It is always recommended to consult with a real-life expert and adhere to industry best practices for comprehensive digital forensics procedures.