The Innovation and Custom Engineering (ICE) Applied Research team presents the public release of Monitor.app for macOS, a simple GUI application for monitoring common system events on a macOS host. 

We cover how to use Unified Logs during an investigation and released a tool to help overcome some of those challenges. 

Crescendo is a real time event viewer for macOS that uses Apple's Endpoint Security Framework.

FireEye Mandiant has observed use of the Apple Remote Desktop application in recent macOS investigations.

The FLARE team introduces two small tools to aid in reverse engineering Cocoa applications for macOS, explaining how the Objective-C runtime complicates code analysis in tools such as IDA Pro, and how to find useful entry points into a Cocoa application’s code to begin analysis.