Open owentl opened 2 months ago
There is nothing preventing Chainsaw from supporting Mac logs; it is just that no one has added the file parsers to Chainsaw to handle them. Currently Chainsaw supports:
To handle Mac artefacts it would probably need parsers for plist, bplist, sqlite, unifiedlogs, depending on what Mac artefacts are to be consumed.
^ Ignore the above commit, I linked the wrong issue.
I appreciate that Chainsaw was written to support evtx files, but is there any way to also support Mac logs too? Or has anyone ever run across a tool like Chainsaw for Mac?