DataFence.png

Data Fence is a personal security tool to monitor access to your data, alerting you when hackers, government spies, or overly curious co-workers access your personal files. It can also be fun just to discover all the activity that occurs behind the scenes such as when you create a document or plug in a USB thumb drive.


PS Logger is a background daemon that supplements the information collected by Apple's BSM audit system. Apple's BSM audit system is a fantastic audit system, but BSM has one glaring flaw. If a process existed before a BSM audit file is created (say /usr/local/fubar is running as process 392), there is no evidence in the in the audit file that the fubar program is running. PS Logger helps address this.


AuditViewer.png

Audit Viewer is a forensics class tool. It is about digging down to the individual audit records. See the processes that were active on your computer, the programs they were running, then dig down to the individual audit records. Audit Viewer can also help you tune your system by showing you which processes generate the most audit records, and what types of evens generate the most audit records for the system as a whole or for an individual process. Audit Viewer also shows you which audit records are controlled by BSM audit_control's "flags" fields and which are generated by the "naflags" field.


An oldie, but a goodie. Audit Explorer, originally developed for Snow Leopard, set the standard for the depth of analysis that you can do with Apple's BSM audit data. Audit Explorer analyzes the Macintosh BSM audit trails, highlights notable events, lets you drill down to the actions of individual processes, and lets you explore the relationships between processes.