Forums
Main Category
General (Technical,...
iMac connected USB ...
 
Notifications
Clear all

iMac connected USB information

 
General (Technical, Procedural, Software, Hardware etc.)
Last Post by Cerveza 7 years ago
3 Posts
2 Users
0 Reactions
953 Views
RSS
 Cerveza
(@cerveza)
Eminent Member
Joined: 16 years ago
Posts: 21
Topic starter 03/02/2018 8:14 pm  

Hi all,

I have an image of an iMac running Sierra and I’m looking for connected USB information. I know that with the newest Mac OS they have moved all of the logging information around (how helpful).

I have read that the unified logs are stored in two directories

/var/db/diagnostics/
/var/db/uuidtext/

I can find these two directories but I dont really know where to go from there. Which log in these directories hold the USB information? I used to be plist but that’s changed!

I have also read, and I don’t know if this is true, that the logs are only held for 30days. I’m looking for information back in November 2017…

Any help or links to articles that will help me locate the logs I’m looking for so I can parse the info and read it would be super helpful!

Cheers!


   
Quote
gungora
 gungora
(@gungora)
Eminent Member
Joined: 8 years ago
Posts: 33
04/02/2018 7:33 am  

I suggest that you take a look at this presentation by Sarah Edwards

https://github.com/mac4n6/Presentations/blob/master/Logs%20Unite!%20-%20Forensic%20Analysis%20of%20Apple%20Unified%20Logs/LogsUnite.pdf

It is a good intro to the topic and contains useful references on the last page for further research.


   
ReplyQuote
 Cerveza
(@cerveza)
Eminent Member
Joined: 16 years ago
Posts: 21
Topic starter 04/02/2018 6:29 pm  

I found this info which I hope will help me.

https://www.blackbagtech.com/blog/2017/09/22/accessing-unified-logs-image/

Any other info is appreciated too


   
ReplyQuote
Forum Jump:
  Previous Topic
Next Topic  
Share: