Auto Loaded Processes

Overview

Evidence: Auto Loaded Processes Description: Collect info on autoloaded processes Category: System Platform: macOS Short Name: autoproc Is Parsed: Yes Sent to Investigation Hub: Yes Collect File(s): No

Background

This collector gathers auto loaded processes information from the macOS system. This data is essential for understanding system activity, detecting security incidents, and investigating system-related events.## Data Collected

This collector gathers structured data about auto loaded processes.

Auto Loaded Procs Data

Field
Description
Example

ID

Primary key (auto-increment)

1

Name

Service name

com.apple.Safari

Path

Service plist path

/System/Library/LaunchAgents/com.apple.Safari.plist

Label

Service label

com.apple.Safari

Program

Program path

/Applications/Safari.app/Contents/MacOS/Safari

RunAtLoad

Run at load flag

true

KeepAlive

Keep alive flag

false

OnDemand

On demand flag

true

Disabled

Disabled flag

false

UserName

User name

_safari

GroupName

Group name

_safari

StdoutPath

Standard output path

/dev/null

StderrPath

Standard error path

/dev/null

StartInterval

Start interval

0

Arguments

Program arguments

WatchPaths

Watch paths

QueueDirs

Queue directories

InetdCompatibility

Inetd compatibility

false

StartOnMount

Start on mount

false

RootDir

Root directory

/

Cwd

Current working directory

/

ProcessType

Process type

Interactive

Hash

File SHA-256 hash

a1b2c3d4e5f6...

SizeInBytes

File size in bytes

1024

LastChangeTime

Last change time

2023-10-15 14:30:25

AccessTime

Access time

2023-10-15 14:30:25

ModificationTime

Modification time

2023-10-15 14:30:25

Collection Method

This collector parses the necessary data from the auto_loaded_processes table.

Usage

This evidence is crucial for forensic investigations as it provides auto loaded processes information. It helps investigators understand system activity, detect security incidents, and investigate system-related events. The data can reveal system changes, unauthorized activities, and potential security vulnerabilities. Analysts can use this information to identify system compromises, trace malicious activities, and assess system security posture.

Notes

This data may contain sensitive information that should be handled according to data protection requirements. Ensure proper chain of custody is maintained during collection and analysis.

Last updated

Was this helpful?