Thought i would post about some new tools in 10.5 which can be very useful when looking into odd processes etc.

They are basically pre-built dtrace command line tools.

They are called:

/usr/bin/execsnoop
/usr/bin/opensnoop
/usr/bin/iosnoop
/usr/bin/rwsnoop

Between these you can monitor file opens, file reads and write, process I/O and process executions for all processes on the system.
You have to run them as root as they require to hook into the dtrace area in the kernel.

Using these is far easier than having to write a dtrace program yourself and trying to figure out which of the 30000 odd probes you need to use.