It’s Friday, and I’m working on my research on the Apple Unified Log. I’ve been exploring the differences between the Sysdiagnose and the Apple Unified Log, especially regarding the artifacts relevant to Forensic Data Analytics.

In my proces-flow you can decide whether you want to preserve or acquire the Sysdiagnose or the Apple Unified Log.

So, with my limited skills, I put together a short informational document. Feel free to use it and especially feel free to contact me if you’d like any adjustments! (Or even have a better design for me)

You can download the file under the preview.

Licensed under CC BY-SA 4.0.
Feel free to share or adapt the work — with attribution and under the same license.