DFIR Blog
  • Infosec
    • Blog
    • CISSP
    • Threat Landscape
  • Digital Forensics
    • Windows Forensics
    • Mac Forensics
    • Memory Forensics
    • Forensic Resources
  • Incident Response
  • Contact

InvesTigations & Analysis

What's 'Installed' on your Mac?

7/20/2019

 
Install.log file has an immense value to see all the installations on you Mac. 
Use this command on your terminal to get the list: 
​
grep 'Installed' /private/var/log/install.log
This log file has an immense forensic value to identify the user installation activity. Questions like remotely installed applications, failed installation can be answered by analyzing the  'Install.log' file.
cat /private/var/log/install.log

    








		

	
	
			

		

		

	


	
		

			
		

	
		

	



    


	

		

		

			
		
 

		

		

			
Comments are closed.

		
		

	

	


 


	


	    		
	        
	            

	

		
    
			
    Archives
    

    
		July 2019
		
    
		April 2018
		
    

    


    Categories
    

    
	All
	
    
		Plist
		
    

    


    
	
	
		
		RSS Feed
	

    
		

	




	        		
	








			

		


		


	

	



	

		
			

				
					
						





					
										
					
						





					
									

		
	




	

		
    
		
  • 
			
				Infosec
			
			
    
	
      
		
    • 
	
		
			Blog
		
	
	

      • 

    • 
	
		
			CISSP
		
	
	

      • 

    • 
	
		
			Threat Landscape
		
	
	

      • 

	
    

    

		
    • 
		
  • 
			
				Digital Forensics
			
			
    
	
      
		
    • 
	
		
			Windows Forensics
		
	
	

      • 

    • 
	
		
			Mac Forensics
		
	
	

      • 

    • 
	
		
			Memory Forensics
		
	
	

      • 

    • 
	
		
			Forensic Resources
		
	
	

      • 

	
    

    

		
    • 
		
  • 
			
				Incident Response
			
			
		
    • 
		
  • 
			
				Contact
			
			
		
    •