The majority of macOS log data is stored as a sequence of unified logs. On a live Mac, the log command can be used to extract these logs into a *.logarchive folder that can be read by another Mac using the Console application or the log command.
The script’s purpose is to mimic this behaviour by extracting the contents of the following folders into a single output folder with a *.logarchive file-extension:
In order for the output folder to be treated as a log-archive by the latest versions of macOS, the script must also create an XML property-list file called Info.plist containing a single integer value called OSArchiveVersion.
At the time of writing, the latest version of macOS Sequoia sets this value to 5, so this is the default value used by the script. The user can, however, set another value.
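The following is an added Python example, not the EnScript described on this page, showing the same archive layout: the contents of the two source folders are merged into the top level of a *.logarchive folder and an Info.plist with a single integer OSArchiveVersion key (default 5) is written beside them. The source folder names diagnostics and uuidtext under a db folder, and the sample files the demo creates, are assumptions.

```python
import plistlib
import shutil
import tempfile
from pathlib import Path

# Default matches the page: recent macOS (Sequoia) writes OSArchiveVersion = 5.
DEFAULT_OS_ARCHIVE_VERSION = 5


def build_logarchive(db_dir, out_dir, os_archive_version=DEFAULT_OS_ARCHIVE_VERSION):
    """Merge <db_dir>/diagnostics and <db_dir>/uuidtext into out_dir (a *.logarchive
    folder) and write the Info.plist that newer macOS versions require.
    Returns the Info.plist dictionary that was written."""
    db_dir, out_dir = Path(db_dir), Path(out_dir)
    if out_dir.suffix != ".logarchive":
        raise ValueError("output folder must carry the .logarchive extension")
    if not isinstance(os_archive_version, int) or os_archive_version < 1:
        raise ValueError("OSArchiveVersion must be a positive integer")
    out_dir.mkdir(parents=True, exist_ok=True)
    # Copy the *contents* of each source folder to the top level of the archive,
    # so diagnostics/Persist becomes <out>.logarchive/Persist (assumed folder names).
    for name in ("diagnostics", "uuidtext"):
        src = db_dir / name
        if not src.is_dir():
            raise FileNotFoundError(f"missing source folder: {src}")
        shutil.copytree(src, out_dir, dirs_exist_ok=True)
    # Info.plist: XML property list holding the single integer key OSArchiveVersion.
    info = {"OSArchiveVersion": os_archive_version}
    with open(out_dir / "Info.plist", "wb") as fh:
        plistlib.dump(info, fh, fmt=plistlib.FMT_XML)
    return info


def read_archive_version(archive_dir):
    """Read OSArchiveVersion back from an archive folder; None if Info.plist is absent."""
    plist = Path(archive_dir) / "Info.plist"
    if not plist.is_file():
        return None
    with open(plist, "rb") as fh:
        return plistlib.load(fh).get("OSArchiveVersion")


def demo():
    """Run the flow on a constructed sample db tree inside a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        db = Path(tmp) / "db"
        # Constructed sample input: one placeholder file under each source folder.
        (db / "diagnostics" / "Persist").mkdir(parents=True)
        (db / "diagnostics" / "Persist" / "0000000000000001.tracev3").write_bytes(b"\x00")
        (db / "uuidtext" / "dsc").mkdir(parents=True)
        (db / "uuidtext" / "dsc" / "sample").write_bytes(b"\x00")
        out = Path(tmp) / "system_logs.logarchive"
        build_logarchive(db, out)
        return read_archive_version(out), sorted(p.name for p in out.iterdir())
```

Opening the resulting folder in Console on a Mac is the practical check that the version value is accepted by that macOS release.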
Before running the script, the user must highlight the relevant db folder in EnCase’s tree-pane or table-pane.
If the aforementioned folders are in a folder with a different name, perhaps because they’ve been acquired logically, the user must highlight the diagnostic or uuidtext folder in the table-pane.
Progress can be monitored via the console.
This script was developed for use in EnCase training. For more details, please click the following link:
First release.
Developed using EnCase 25.1.0.64.