In the late 2000s and early 2010s I developed a number of tools leveraging the capabilities of BSM auditing systems for intrusion detection and digital forensics. This 22-minute video from 2010 documented some of that work.
When developing intrusion detection and forensic tools that rely on an operating system’s audit data, it is important that the organizations using your tools configure their auditing subsystem to collect the relevant events; without that, the tools have nothing useful to analyse. This video shows what can be achieved with Apple’s BSM audit data when the audit subsystem is configured to collect useful data.