Digital Forensics and Incident Response | DFIR
  • Blog
  • Infosec
  • Windows Forensics
  • Mac Forensics
  • Memory Forensics
  • Incident Response
  • CISSP

What's 'Installed' on your Mac?

7/20/2019

0 Comments

 
Install.log file has an immense value to see all the installations on you Mac. 
Use this command on your terminal to get the list: 
​

grep 'Installed' /private/var/log/install.log
This log file has an immense forensic value to identify the user installation activity. Questions like remotely installed applications, failed installation can be answered by analyzing the  'Install.log' file.
cat /private/var/log/install.log

    
0 Comments



Leave a Reply.

    Archives

    July 2019
    April 2018

    Categories

    All
    Plist

    RSS Feed