KnowledgeC

Overview

Evidence: KnowledgeC Description: Collect KnowledgeC Database Category: System Platform: aix Short Name: kcdb Is Parsed: No Sent to Investigation Hub: Yes Collect File(s): Yes

Background

KnowledgeC is a macOS database that stores user activity data including application usage, device connections, media playback, location data, and system events. It's part of Apple's CoreDuet framework used for Siri suggestions and system intelligence.

Data Collected

This collector gathers structured data about knowledgec.

Collection Method

This collector gathers the KnowledgeC database and related files from each user's Library/Application Support/Knowledge directory, which contains comprehensive user activity tracking data.

Forensic Value

KnowledgeC is extremely valuable for forensic investigations, providing detailed user activity timelines, application usage patterns, device connections, location history, and user behavior analysis. It's one of the richest data sources on macOS for understanding user actions.