Recipe Difficulty: Medium

Python Version: 3.5

Operating System: Any

Operating system logs generally reflect events for software, hardware, and services on the system. These details can assist us in our investigations as we look into an event, such as the use of removable devices. One example of a log that can prove useful in identifying this activity is daily.out log found on macOS systems. This log records a lot of information, including what drives are connected to the machine and the amount of storage available and used daily. While we can also learn about shutdown times, network states, and other information from this log, we will focus on drive usage over time.