Anti-Forensics
Account Misuse
Clear Browser Artifacts
Clear Email Artifacts
Code Contribution Obfuscation and Misrepresentation
Decrease Privileges
Delayed Execution Triggers
Delete User Account
Deletion of Volume Shadow Copy
Disk Wiping
File Deletion
File Encryption
Hide Artifacts
Hiding or Destroying Command History
Log Deletion
Log Modification
Message Deletion
Message Modification
Modify Windows Registry
Network Obfuscation
Physical Destruction of Storage Media
Physical Removal of Disk Storage
Stalling
Steganography
System Shutdown
System Time Modification
Timestomping
Tripwires
Uninstalling Software
Virtualization
- ID: AF002.003
- Created: 25th May 2024
- Updated: 04th August 2025
- Platform: MacOS
- Contributor: The ITM Team
Clear macOS System Logs
A subject deletes macOS system logs to obscure or eliminate evidence of an infringement. macOS stores a range of log data, including authentication attempts, application launches, process crashes, system events, and security audits, within /private/var/log and through the unified logging system accessible via the log command. Key files may include system.log, install.log, asl.log, and diagnostic logs within DiagnosticMessages and CrashReporter.
Deletion may occur manually via the rm or log erase commands, through scripted automation, or by modifying log rotation settings to erase historical activity.