Mac

1. Log Collection and Analysis

  • System Logs:

    • View logs: log show

    • View logs for the last hour: log show --last 1h

    • View logs with a specific predicate: log show --predicate 'eventMessage contains "Camera"'

    • View logs for a specific process: log show --predicate 'process == "process_name"'

    • Export logs to a file: log collect --output /path/to/output.logarchive

  • Application Logs:

    • View logs: tail -f /var/log/app_name.log

    • View logs for a specific time period: awk '/^2021-05-01/,0' /var/log/app_name.log

2. File System Monitoring

  • List files whose metadata changed in the last 24 hours (use -mtime for content changes): find / -type f -ctime -1 2>/dev/null

  • Check file integrity: shasum -a 256 /path/to/file

  • Monitor file changes (fswatch is a third-party tool, e.g. installed via Homebrew): fswatch /path/to/directory

3. Network Monitoring

  • Capture network traffic: tcpdump -i en0

  • Display active network connections: netstat -an

  • List open network sockets with numeric addresses and ports: lsof -i -nP

  • List listening TCP ports: lsof -nP -iTCP -sTCP:LISTEN

4. Process Monitoring

  • List running processes: ps aux

  • Monitor process activity in real-time: top

  • Find the PID(s) of a process by name: pgrep process_name

5. User and Authentication Monitoring

  • List logged-in users: w

  • Check failed login attempts: grep 'Failed' /var/log/auth.log (this file exists on Linux; macOS 10.12 and later have no auth.log, so query the unified log instead, e.g. log show --last 1d --predicate 'process == "sudo" OR process == "loginwindow"')

6. Malware Scanning

  • Scan for malware (maldet is the third-party Linux Malware Detect scanner and must be installed separately; it is not part of macOS): maldet --scan-all /path/to/directory

7. Disk Usage

  • Check disk usage: df -h

  • Find large files: find / -type f -size +100M

8. Memory Analysis

  • Memory usage: vm_stat

  • Check for memory leaks: leaks process_name

9. Miscellaneous

  • Check system integrity protection status: csrutil status

  • List loaded kernel extensions: kextstat (deprecated on macOS 11 and later, where kmutil showloaded is the replacement)
