However, Apple wanted a single, standardized logging format across the macOS, iOS, tvOS and watchOS platforms. Prior to the AUL, macOS relied on traditional Unix logging formats such as the syslog or proprietary formats such as the Apple System Log (ASL). Why Did Apple Implement the AUL?Īpple announced the AUL at its 2016 Worldwide Developers Conference (WWDC) with the goal of changing the way logging occurs across its devices. In this blog, we explain why it’s important for forensic analysts to understand why Apple implemented the AUL, how it works, what type of information it records and how to use it in order to have a better understanding of AUL data and the information analysts can find within. ![]() Hunting for useful entries in the AUL is like scouring the pages of a “Where’s Waldo?” children’s book, trying to find Waldo in crowds of similar faces. While it boasts longer retention times and contains a tremendous amount of data, the volume and level of granularity can quickly become overwhelming. This log format, standardized across the Apple ecosystem, is both a blessing and a curse for responders. As of macOS 10.12 Sierra, incident responders have been able to turn to a new endpoint log source for investigative answers: the Apple Unified Log (AUL).
0 Comments
Leave a Reply. |