Apple System Logs (ASL)
Overview
Evidence: Apple System Logs (ASL)
Description: Collect Apple System Logs (ASL)
Category: System
Platform: macos
Short Name: asl
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
Apple System Logs (ASL) hold the system and application log entries that syslogd and the ASL API wrote before Apple superseded ASL with Unified Logging in macOS 10.12 (Sierra). On older systems this store is the primary record of logins, privilege escalation (sudo), daemon errors and other system activity, which makes it essential for legacy macOS investigations and for reconstructing a timeline of events that predate the unified log.
Data Collected
This collector records one structured entry per ASL message, with the fields listed below.
Apple System Logs (ASL) Data
| Field | Description | Example |
|---|---|---|
| PID | Process ID of the process that sent the message | 123 |
| Sender | Name of the process that wrote the entry (the ASL Sender key) | sshd |
| Facility | syslog facility the message was logged under | auth |
| Message | Text of the log message | Accepted password for alice from 10.0.0.5 port 51222 ssh2 |
| Level | Severity, 0 (Emergency) through 7 (Debug); syslog prints it as a number or as a name such as Notice | Notice |
| Time | Timestamp of the entry, normalized with a UTC offset | 2023-10-15 14:30:25+03:00 |
Collection Method
This collector copies the ASL store files matching /private/var/log/asl/*.asl, converts each one to XML with syslog -f <file> -F xml (the .asl files are in Apple's binary ASL store format and cannot be read as text), and records the resulting entries into the asl evidence table. The conversion relies on the macOS syslog(1) tool, so it must run on a macOS host. How much the directory holds depends on the macOS version: ASL was superseded by Unified Logging in 10.12, so on newer systems expect far fewer entries here and use the unified log for the bulk of system activity.
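The conversion step above produces a plist: an XML array of dictionaries, one per ASL message, keyed by the same names as the field table (Time, Sender, PID, Facility, Level, Message). The following is an added example, not the collector's own code, showing how to parse that output into the six recorded fields, normalize the numeric Level, order the entries into a timeline, and pull out the authentication-related ones first. The sample XML, the host name, process names and messages are all constructed to mirror the real output shape and are not captured from a live system; the list of authentication senders and facilities is a heuristic assumption of the example, not something the collector defines.

```python
"""Parse the plist XML emitted by `syslog -f <file> -F xml` for an ASL store
file and build a timeline of the fields the asl collector records.

Added example, not the collector's own code. SAMPLE_XML is constructed to
mirror the real output layout (a plist <array> of <dict>s); it is not real
log data.
"""
import plistlib
import subprocess

# ASL severity levels (syslog(3) priorities): 0 = Emergency ... 7 = Debug.
ASL_LEVELS = {
    "0": "Emergency", "1": "Alert", "2": "Critical", "3": "Error",
    "4": "Warning", "5": "Notice", "6": "Info", "7": "Debug",
}

# Heuristic triage lists (assumption of this example, not the collector's).
AUTH_FACILITIES = {"auth", "authpriv", "com.apple.system.lastlog"}
AUTH_SENDERS = {"sshd", "sudo", "su", "login", "loginwindow",
                "screensharingd", "authorizationhost"}

# Constructed sample in the layout `syslog -F xml` produces (not real data).
SAMPLE_XML = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<array>
  <dict>
    <key>ASLMessageID</key><string>101</string>
    <key>Time</key><string>2023-10-15 14:30:25</string>
    <key>Host</key><string>mac-host</string>
    <key>Sender</key><string>sshd</string>
    <key>PID</key><string>812</string>
    <key>Facility</key><string>auth</string>
    <key>Level</key><string>5</string>
    <key>Message</key><string>Accepted password for alice from 10.0.0.5 port 51222 ssh2</string>
  </dict>
  <dict>
    <key>ASLMessageID</key><string>100</string>
    <key>Time</key><string>2023-10-15 14:29:58</string>
    <key>Host</key><string>mac-host</string>
    <key>Sender</key><string>kernel</string>
    <key>PID</key><string>0</string>
    <key>Facility</key><string>kern</string>
    <key>Level</key><string>3</string>
    <key>Message</key><string>disk0s2: I/O error.</string>
  </dict>
  <dict>
    <key>ASLMessageID</key><string>102</string>
    <key>Time</key><string>2023-10-15 14:31:02</string>
    <key>Sender</key><string>sudo</string>
    <key>PID</key><string>901</string>
    <key>Facility</key><string>authpriv</string>
    <key>Level</key><string>5</string>
    <key>Message</key><string>alice : TTY=ttys001 ; PWD=/Users/alice ; USER=root ; COMMAND=/bin/launchctl list</string>
  </dict>
</array>
</plist>
"""


def parse_asl_xml(xml_bytes):
    """Return one dict per message with the six collected fields, sorted by Time.

    Keys missing from an entry are kept as None so no message is silently
    dropped; an unknown Level value is passed through as the raw string.
    """
    records = []
    for entry in plistlib.loads(xml_bytes):
        pid = entry.get("PID", "")
        level = entry.get("Level")
        records.append({
            "PID": int(pid) if pid.isdigit() else None,
            "Sender": entry.get("Sender"),
            "Facility": entry.get("Facility"),
            "Message": entry.get("Message"),
            "Level": ASL_LEVELS.get(level, level),
            "Time": entry.get("Time"),
        })
    # syslog emits entries in store order, which is not always chronological;
    # the "YYYY-MM-DD HH:MM:SS" strings sort correctly as text.
    records.sort(key=lambda r: r["Time"] or "")
    return records


def auth_events(records):
    """Subset worth triaging first: authentication-related facility or sender."""
    return [r for r in records
            if (r["Facility"] or "") in AUTH_FACILITIES
            or (r["Sender"] or "") in AUTH_SENDERS]


def convert_asl_file(path):
    """Run the same conversion the collector performs, on a macOS host.

    Requires Apple's syslog(1); the stand-alone run below does not call it.
    """
    out = subprocess.run(["syslog", "-f", path, "-F", "xml"],
                         check=True, capture_output=True).stdout
    return parse_asl_xml(out)


if __name__ == "__main__":
    for r in auth_events(parse_asl_xml(SAMPLE_XML)):
        print(f'{r["Time"]} {r["Sender"]}[{r["PID"]}] '
              f'{r["Facility"]} {r["Level"]}: {r["Message"]}')
```

Note that the Time strings syslog prints carry no timezone marker by default, so record the host's timezone (or the timestamp option you passed to syslog) alongside the converted output before merging these entries with evidence from other sources.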
Forensic Value
This evidence is valuable because ASL captured authentication events (logins, sudo use, SSH sessions), daemon and kernel errors, and other system activity on pre-Unified-Logging macOS, with sender, PID and timestamp attached to each message, which lets an investigator attribute activity to a process and place it on a timeline.