Application Usage

Overview

Evidence: Application Usage Description: Collect Application Usage Category: System Platform: macOS Short Name: appusg Is Parsed: Yes Sent to Investigation Hub: Yes Collect File(s): No

Background

This collector gathers application usage information from the macOS system. This data is essential for understanding system activity, detecting security incidents, and investigating system-related events.## Data Collected

This collector gathers structured data about application usage.

App Usage Data

Field

Description

Example

ID

Primary key (auto-increment)

Application

Application name

Safari

User

User who used the application

john

DurationInSeconds

Usage duration in seconds

3600

CreateTime

Record creation time

2023-10-15 14:30:25

StartTime

Application start time

2023-10-15 14:30:25

EndTime

Application end time

2023-10-15 15:30:25

Collection Method

This collector parses the necessary data from the application_usage table.

Usage

This evidence is crucial for forensic investigations as it provides application usage information. It helps investigators understand system activity, detect security incidents, and investigate system-related events. The data can reveal system changes, unauthorized activities, and potential security vulnerabilities. Analysts can use this information to identify system compromises, trace malicious activities, and assess system security posture.

Notes

This data may contain sensitive information that should be handled according to data protection requirements. Ensure proper chain of custody is maintained during collection and analysis.

PreviousApple System Logs NextArc Bookmarks

Last updated 15 minutes ago

Was this helpful?