Cron Jobs

Overview

Evidence: Cron Jobs
Description: Collect Cron Jobs
Category: System
Platform: macos
Short Name: cronj
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No

Background

This collector gathers cron job information from the macOS system. This data is essential for understanding system activity, detecting persistence, and investigating scheduled task misuse.

Data Collected

This collector gathers structured data about cron jobs.

Cron Jobs Data

| Field | Description | Example |
|---|---|---|
| Event | Event | Example value |
| Minute | Minute | Example value |
| Hour | Hour | Example value |
| DayOfMonth | Day Of Month | Example value |
| Month | Month | Example value |
| DayOfWeek | Day Of Week | Example value |
| Command | Command | Example value |
| Path | Path | Example value |

Collection Method

This collector queries the crontab table via osquery; if a path is present for an entry, the underlying file is collected.

Forensic Value

This evidence is crucial for forensic investigations as it reveals scheduled tasks that can indicate persistence mechanisms, data exfiltration schedules, or malicious automation.
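The sketch below shows how crontab lines map onto the collector's fields and how an analyst might rank the parsed entries for review. It is an added example, not the collector's or osquery's own code; it assumes per-user crontab syntax, and the sample crontab, the path /var/at/tabs/alice and the triage heuristics are constructed for illustration.

```python
import re

FIELDS = ("Event", "Minute", "Hour", "DayOfMonth", "Month", "DayOfWeek", "Command", "Path")
ENV_LINE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*\s*=")    # e.g. MAILTO="" or PATH=/usr/bin
STAGING_DIRS = ("/tmp/", "/var/tmp/", "/Users/Shared/")   # assumed triage list, tune per site

def parse_crontab(text, path):
    """Turn per-user crontab text into records keyed by the collector's field names."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ENV_LINE.match(line):
            continue                              # blank, comment or environment line
        if line.startswith("@"):                  # @reboot, @daily, ...: Event set, no time fields
            parts = line.split(None, 1)
            if len(parts) < 2:
                continue
            values = [parts[0], "", "", "", "", "", parts[1], path]
        else:
            parts = line.split(None, 5)           # five time fields, the rest is the command
            if len(parts) < 6:
                continue                          # malformed line, skip it
            values = ["", *parts[:5], parts[5], path]
        records.append(dict(zip(FIELDS, values)))
    return records

def review_reasons(record):
    """Hypothetical triage heuristics: why an analyst might look at this entry first."""
    reasons = []
    if record["Event"] == "@reboot":
        reasons.append("runs at every boot")
    if any(d in record["Command"] for d in STAGING_DIRS):
        reasons.append("executes from a world-writable directory")
    if record["Minute"].startswith("*") and record["Hour"] == "*":
        reasons.append("high-frequency schedule")
    return reasons

SAMPLE = """\
# constructed sample crontab, not taken from a real host
MAILTO=""
30 2 * * 1 /usr/local/bin/backup.sh --weekly
*/5 * * * * /tmp/.cache/update >/dev/null 2>&1
@reboot /Users/Shared/helper
"""

if __name__ == "__main__":
    for rec in parse_crontab(SAMPLE, "/var/at/tabs/alice"):
        print(rec, review_reasons(rec))
```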
