Auto Loaded Processes
Overview
Evidence: Auto Loaded Processes Description: Collect info on autoloaded processes Category: System Platform: macOS Short Name: autoproc Is Parsed: Yes Sent to Investigation Hub: Yes Collect File(s): No
Background
This collector gathers auto loaded processes information from the macOS system. This data is essential for understanding system activity, detecting security incidents, and investigating system-related events.## Data Collected
This collector gathers structured data about auto loaded processes.
Auto Loaded Procs Data
ID
Primary key (auto-increment)
1
Name
Service name
com.apple.Safari
Path
Service plist path
/System/Library/LaunchAgents/com.apple.Safari.plist
Label
Service label
com.apple.Safari
Program
Program path
/Applications/Safari.app/Contents/MacOS/Safari
RunAtLoad
Run at load flag
true
KeepAlive
Keep alive flag
false
OnDemand
On demand flag
true
Disabled
Disabled flag
false
UserName
User name
_safari
GroupName
Group name
_safari
StdoutPath
Standard output path
/dev/null
StderrPath
Standard error path
/dev/null
StartInterval
Start interval
0
Arguments
Program arguments
WatchPaths
Watch paths
QueueDirs
Queue directories
InetdCompatibility
Inetd compatibility
false
StartOnMount
Start on mount
false
RootDir
Root directory
/
Cwd
Current working directory
/
ProcessType
Process type
Interactive
Hash
File SHA-256 hash
a1b2c3d4e5f6...
SizeInBytes
File size in bytes
1024
LastChangeTime
Last change time
2023-10-15 14:30:25
AccessTime
Access time
2023-10-15 14:30:25
ModificationTime
Modification time
2023-10-15 14:30:25
Collection Method
This collector parses the necessary data from the auto_loaded_processes
table.
Usage
This evidence is crucial for forensic investigations as it provides auto loaded processes information. It helps investigators understand system activity, detect security incidents, and investigate system-related events. The data can reveal system changes, unauthorized activities, and potential security vulnerabilities. Analysts can use this information to identify system compromises, trace malicious activities, and assess system security posture.
Notes
This data may contain sensitive information that should be handled according to data protection requirements. Ensure proper chain of custody is maintained during collection and analysis.
Last updated
Was this helpful?