

stat -q -f '%Sm %N' '/Users/amalard/Library/Preferences/'|grep -i 'Oct 24 09:'|grep 2016|sed 's/$/ : File creation or modification/'
Ethernet/WiFi connections (activation of 'enX' interface)
stat -q -f '%Sm %N' '/etc/rc.common'|grep -i 'Oct 24 09:'|grep 2016|sed 's/$/ : File creation or modification/'
stat -q -f '%Sm %N' '/Users/amalard/Library/Preferences/'|grep -i 'Oct 24 09:'|grep 2016|sed 's/$/ : File creation or modification/'
stat -q -f '%SB %N' '/Library/Internet Plug-Ins/'*|grep -i 'Oct 24 09:'|grep 2016|sed 's/$/ : Directory modification/'
stat -q -f '%SB %N' '/Library/Spotlight/'*|grep -i 'Oct 24 09:'|grep 2016|sed 's/$/ : Directory modification/'
stat -q -f '%SB %N' '/Library/StartupItems/'*|grep -i 'Oct 24 09:'|grep 2016|sed 's/$/ : Directory modification/'
stat -q -f '%SB %N' '/System/Library/StartupItems/'*|grep -i 'Oct 24 09:'|grep 2016|sed 's/$/ : Directory modification/'
stat -q -f '%SB %N' '/Library/Extensions/'*|grep -i 'Oct 24 09:'|grep 2016|sed 's/$/ : Directory modification/'
stat -q -f '%SB %N' '/System/Library/Extensions/'*|grep -i 'Oct 24 09:'|grep 2016|sed 's/$/ : Directory modification/'
stat -q -f '%SB %N' '/Library/LaunchDaemons/'*|grep -i 'Oct 24 09:'|grep 2016|sed 's/$/ : Directory modification/'

stat -q -f '%SB %N' '/System/Library/LaunchDaemons/'*|grep -i 'Oct 24 09:'|grep 2016|sed 's/$/ : Directory modification/'
stat -q -f '%SB %N' '/Users/amalard/Library/LaunchAgents/'*|grep -i 'Oct 24 09:'|grep 2016|sed 's/$/ : Directory modification/'
stat -q -f '%SB %N' '/Library/LaunchAgents/'*|grep -i 'Oct 24 09:'|grep 2016|sed 's/$/ : Directory modification/'
stat -q -f '%SB %N' '/System/Library/LaunchAgents/'*|grep -i 'Oct 24 09:'|grep 2016|sed 's/$/ : Directory modification/'
stat -q -f '%Sm %N' '/Users/amalard/Library/Containers/'*|grep -i 'Oct 24 09:'|grep 2016|sed 's/$/ : Installed App/'|sort
Added or modified files (like trojan or malware App)
zegrep -A 1 'Installation' /var/log/install.log|grep -i 'Oct 24 09:'|sed 's/$/ : Installed pkg/'
cat /Library/Receipts/ist | grep -A 7 'T09:'|sed 's/$/ : Installed pkg/'
System/Library/Frameworks/amework/Frameworks/amework/Support/lsregister -dump | egrep -i 'reg date' -B 25 -A 4 | grep -B 25 -A 4 ' 09:' |sed 's/$/ : Recorded App/'
stat -q -f '%SB %N' '/Users/amalard/Library/Application Support/CrashReporter/'*|grep -i 'Oct 24 09:'|grep 2016|sed 's/$/ : Executed App/'|sort
zegrep 'BOOT_TIME' /var/log/system.log*|grep -i 'Oct 24 09:'|awk ''|sed 's/$/ : Executed App/'|sort

FORENSICS - EVENTS PROOF OF CONCEPT

There is a 14 day trial. Cocoa Packet Analyzer is similar to WireShark but with a much better interface. I didn't think twice about the $15 price tag. HTTPScoop is awesome for inspecting the web traffic on your Mac. Not very satisfactory and requires a second machine (although it could be virtual).
If you don't get any direct answer to this you could always run Fiddler on a Windows machine and configure your browser on the Mac to use the Windows machine as a proxy server. Also, the very latest version of Fiddler can import .PCAP files captured from WireShark or other tools run on the Mac.
You can point your Mac at your Windows+Fiddler machine: And as of 2013, there's an Alpha download of Fiddler for the Mono Framework, which runs on Mac and Linux. In fact, it's already been asked on SuperUser. Charles is written in Java and runs on Macs. One of the SO server sites might be better suited for your question. There's the more general but perhaps not as helpful to you Wireshark.
