

Crescendo
Cost / License
- Free
- Open Source
Platforms
- Mac
Tags
- event-log
- event-viewer
What is Crescendo?
Crescendo is a real-time event viewer for macOS that uses the Endpoint Security Framework (ESF) to show process executions and forks, file events, share mounting events, kernel extension loads, and IPC event data. ESF provides a vast amount of data, but the goal was to pick out just the things that analysts would be interested in when analyzing a piece of malware or trying to understand how a process (or component) works: just the right amount of data, without being a firehose of events to the user.
Features
- System Extension using Endpoint Security Framework
- Real-time event viewer and event detail viewer
- Search for easy filtering of events by process, PID, username, or event type
- Filters for unsigned apps vs. Apple-signed apps
- Ability to export all events to JSON
- Context highlighting when unsigned apps are executed
Apple has added some security features that require extra setup to enable Crescendo’s system extension. Head on over to the Getting Started section in the README to get started. I’m hopeful this inconvenience will be fixed in future versions.




