How to disable CoreAnalytics (the system diagnostics mechanism) used by forensic investigators


From "So what did you do last month: a new execution artifact on macOS 10.13"

Analysts that perform macOS forensics have had few, if any, artifacts of program execution to rely on during investigations — until now. In macOS 10.13 (High Sierra), Apple introduced CoreAnalytics, which is a system diagnostics mechanism that maintains a record of Mach-O programs that have executed on a system over approximately one month. CoreAnalytics can serve a number of valuable analytical purposes for both insider threat investigations and incident response. The artifact can be used to:

  • Determine the extent to which a system was in use, with accuracy up to one day
  • Determine which programs were run on a particular day, whether in the foreground or in the background
  • Determine how long, approximately, a program was running and/or active, as well as provide an approximate number of times the program was launched or brought to the foreground interactively

How do I disable CoreAnalytics permanently? Not just a cronjob that deletes the output.

posted by Ivanov 05.08.2018 - 14:39

0 answers
