Audit Viewer

Developer: Net Squared Inc.

Current Version: 1.1

Last Updated: 4 years ago

Download Size: 5.5 MB - Download


Audit Viewer lets you browse your Mac’s BSM audit records. The Mac’s auditing system is like an airplane’s flight recorder system for your computer. When something goes wrong, it can be your most valuable source of data to reconstruct exactly what happened and hopefully prevent a reoccurrence.

Audit Viewer is a forensics class tool. It is about digging down to the individual audit records.

Unsure whether your audit system is configured correctly? Use Audit Viewer to verify that you can find the data you think should be there.

Find some malware on your computer? Let Audit Viewer show you exactly what that malware did before you discovered it.

Do you have poorly written PHP code that may have let hackers steal data off your computer? Audit Viewer can show you what happened?

Apple’s BSM system is incredibly powerful, but you need tools to unlock its power. Audit Viewer is one of those tools.

Visit our site for for more information including video tutorials and full online documentation.


Release Notes:

The process list has been updated to show the number of audit records for each process. You can sort on this column (and others). This lets you quickly zoom in on which processes are generating the greatest number of audit records.

A new view panel has been added to show the distribution of audit records by event type for a selected process or all the processes. This lets you tune your audit collection by setting different flags in Apple’s audit_control file.

Machine ID in the audit records now includes the IP address. A Web menu takes you to a web page to download sample data. Cleaned up documentation and made it more searchable.

Process snapshot (PS) information can be used to augment the BSM data, showing, for example, program names for processes that aren't recorded in a BSM file.