The Mac Operating System is a fork of UNIX OS that is widely used in Apple's computers known as Mac Books. The availability of tools for macOS forensics are in scarce. In addition to this, the macOS provides extra security to the user, which in turn leads to difficulties in forensic analysis. Nowadays the macOS is gaining popularity among cyber criminals because of its unique features. Hence there is a need for analyzing mac Systems in depth. The artefacts left out by the suspect must be retrieved and analyzed as part of cyber forensics investigation. The data from these artefacts are analyzed based on its forensic relevance. This paper presents a methodology for live forensics in macOS system. This involves acquisition of crucial artifacts from a suspect's machine and analyzing it later in an investigator's machine.